Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Introducing Qlik Answers: A plug-and-play, Generative AI powered RAG solution. READ ALL ABOUT IT!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
SZollikofer
Contributor
Contributor
‎2021-12-13 06:47 AM

log4j vulnerability

Hi,

is Talend BD 6.4.1 affected at all by the log4j vulnerability problem?

The Talend installation and workspace directories only contain older versions log4j-1.2.15.jar and log4j-1.2.16.jar.

The log4j problem affects only log4j versions higher than 2.0.

So am I correct that Talend BD 6.4.1 is not affected?

Labels (2)
Labels
510 Views
13 Replies
dtxstg
Contributor
Contributor
‎2022-02-10 06:55 AM

Hello,

 

we are waiting for a patch fixing this issue (TOS version 8.0.1). The last update of the article https://www.talend.com/security/incident-response/ was three weeks ago. The only information regarding a patch for TOS is "Remediation for Talend Open Source is not in scope". Are there any information when a patch for TOS approximately is beeing released?

131 Views
0 Likes
Anonymous
Not applicable
‎2022-02-10 10:30 AM

In response to dtxstg

I'm afraid a patch for TOS will not be released. It will be fixed in the next version. There are certain mitigation steps you can follow in the article you linked to.

131 Views
0 Likes
dtxstg
Contributor
Contributor
‎2022-02-10 11:35 AM

@Richard Hall​  Thank you for your fast reply. Is it foreseeable when the next Version of TOS is beeing released?

131 Views
0 Likes
Anonymous
Not applicable
‎2022-02-10 01:35 PM

In response to dtxstg

Hi @Marc Veitinger​,,

 

I am not currently aware of the schedule for the next release, but I have put a couple of questions out to our R&D team. When I get a response, I will update.

 

I should point out that they may not have this set in stone as yet since we have only just released v8. If that is the case, it may take a while before I can confirm a period.

 

Regards

 

Richard

131 Views
0 Likes