sla
Contributor

log4J

Hi,

How do I update log4j?

Thanks

6 Replies
Anonymous
Not applicable

Hello,

For information on how the Log4j2 vulnerability can be mitigated, please look here:

https://www.talend.com/security/incident-response/

Best regards

Sabrina

AT_bytes
Contributor

Hi,

We are using Talend Studio version 7.3.1, which has Log4j 2.12.1.

We have Log4J disabled in the project settings. We wanted to confirm if it is still a risk?

The workaround mentioned for Talend Studio at https://www.talend.com/security/incident-response/ comes into effect or is saved only when L4J is enabled. Could you please confirm if there's a risk if it's totally disabled on the Project properties?

Anonymous
Not applicable

Hello,

I'm not sure that there's a risk if it's totally disabled on the Project properties.

Could you please contact Talend Support for assistance?

Best regards

Sabrina

Fernandez
Creator II

Hi AT_bytes,

Did you get the answer to your question?

I'm also using Talend Open Studio version 7.3.1, and Log4j is disabled in project settings.

But the log4j libraries are embedded in the job build, I don't know why.

If Log4j is disabled in project settings, do we only have to delete the log4j libraries in the job build?

Thanks in advance

Anonymous
Not applicable

Hello,

Remediation for Talend Open Source is not in scope. Please feel free to create a Jira issue in the TUP project on the Talend bug tracker. Our developers from the R&D team will check it to see if there is any work item for it.

https://jira.talendforge.org/secure/Dashboard.jspa

Best regards

Sabrina

AT_bytes
Contributor

Hello Fernandez,

Not yet. For now, we are just following these steps:

"For running jobs in the Studio, the issue can be mitigated by specifying: '-Dlog4j2.formatMsgNoLookups=true' as a JVM argument when running the job." recommended on https://www.talend.com/security/incident-response/
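
Whether Log4j libraries are embedded in a job build, as described in the thread above, can be checked mechanically. The following is an added example, not code from this thread or from Talend: a Python script that lists every log4j-core jar under a directory of job builds, including jars nested inside zip archives, and reports its version and whether it still contains JndiLookup.class. It assumes builds are zip archives or unpacked folders and that jars keep the usual log4j-core-<version>.jar file name.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Class inside log4j-core that implements the JNDI lookup.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: jars keep the standard log4j-core-<version>.jar name.
CORE_JAR = re.compile(r"log4j-core-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVE_EXT = (".zip", ".jar", ".war", ".ear")
MAX_DEPTH = 4  # stop following archives nested deeper than this


def inspect(label, data, findings, depth=0):
    """Record `label` if it is a log4j-core jar, then scan archives nested in it."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # wrong extension or corrupt file: nothing to report
    with zf:
        names = zf.namelist()
        match = CORE_JAR.search(label)
        if match:
            findings.append((label, match.group(1), JNDI_CLASS in names))
        if depth >= MAX_DEPTH:
            return
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT):
                inspect(f"{label}!/{name}", zf.read(name), findings, depth + 1)


def scan_tree(root):
    """Return (path, version, has_jndi_lookup) for each log4j-core jar under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower().endswith(ARCHIVE_EXT):
            inspect(str(path), path.read_bytes(), findings)
    return findings


if __name__ == "__main__":
    # Usage: python scan_log4j.py <directory with job builds>
    for path, version, has_jndi in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        state = "present" if has_jndi else "absent"
        print(f"{path}\tlog4j-core {version}\tJndiLookup.class {state}")
```

The output is an inventory only; which listed builds need the JVM argument or a library update follows from the vendor guidance linked in the thread.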