Hi,
How do I update log4j?
Thanks
Hello,
For information on how the Log4j2 vulnerability can be mitigated, please look here:
https://www.talend.com/security/incident-response/
Best regards
Sabrina
Hi,
We are using Talend Studio version 7.3.1, which has Log4j 2.12.1.
We have Log4j disabled in the project settings. We wanted to confirm whether it is still a risk.
The workaround mentioned for Talend Studio at https://www.talend.com/security/incident-response/
comes into effect or is saved only when L4J is enabled. Could you please confirm if there's a risk if it's totally disabled in the Project properties?
Hello,
I'm not sure that there's a risk if it's totally disabled in the Project properties.
Could you please contact Talend Support for assistance?
Best regards
Sabrina
Hi AT_bytes,
Did you get the answer to your question?
I'm also using Talend Open Studio version 7.3.1, and Log4j is disabled in project settings.
But the log4j libraries are embedded in the job build, I don't know why.
If Log4j is disabled in project settings, do we only have to delete the log4j libraries in the job build?
Thanks in advance
Hello,
Remediation for Talend Open Source is not in scope. Please feel free to create a Jira issue in the TUP project on the Talend bug tracker. Our developers from the RD team will check it to see if there is any work item for it.
https://jira.talendforge.org/secure/Dashboard.jspa
Best regards
Sabrina
Hello Fernandez,
Not yet. For now, we are just following these steps:
"For running jobs in the Studio, the issue can be mitigated by specifying: "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when running the job." recommended on https://www.talend.com/security/incident-response/
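For the question above about log4j libraries being embedded in the job build, here is an added example (not from Talend or from any poster in this thread) that inventories every log4j-core copy inside a build archive, including nested JARs, and reports its version. The sample build layout and file names are constructed assumptions; pass the path to a real build zip as the first argument to scan it instead.

```python
import io
import re
import sys
import zipfile

# Maven metadata shipped inside log4j-core JARs; its version= line is authoritative.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NAME_RE = re.compile(r"log4j-core-(\d[\w.\-]*)\.jar$")
ARCHIVE_EXT = (".zip", ".jar", ".war", ".ear")

def find_log4j_core(data, label):
    """Return sorted (path, version) pairs for each log4j-core found in an
    archive given as bytes, descending into nested archives."""
    found = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # not a readable archive: nothing to report
    with archive:
        names = archive.namelist()
        by_name = NAME_RE.search(label)
        if POM_PROPS in names:  # also catches log4j-core merged into a fat JAR
            props = archive.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.MULTILINE)
            found.append((label, m.group(1).strip() if m else "unknown"))
        elif by_name:  # metadata stripped: fall back to the file name
            found.append((label, by_name.group(1)))
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT):
                found += find_log4j_core(archive.read(name), f"{label}!/{name}")
    return sorted(found)

def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()

def sample_build():
    """Constructed job build; the layout and file names are assumptions."""
    core = make_zip({POM_PROPS: b"artifactId=log4j-core\nversion=2.12.1\n"})
    return make_zip({"myjob/lib/log4j-core-2.12.1.jar": core,
                     "myjob/lib/routines.jar": make_zip({"routines/A.class": b""}),
                     "myjob/myjob_run.sh": b"#!/bin/sh\n"})

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else sample_build()
    for where, version in find_log4j_core(data, path or "sample_build.zip"):
        print(f"{version}\t{where}")
```

Each output line is a version followed by the path of the JAR inside the archive, with `!/` separating nesting levels.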