log4j vulnerability

SZollikofer · ‎2021-12-13

Hi,

is Talend BD 6.4.1 affected at all by the log4j vulnerability problem?

The Talend installation and workspace directories only contain older versions log4j-1.2.15.jar and log4j-1.2.16.jar.

The log4j problem affects only log4j versions higher than 2.0.

So am I correct that Talend BD 6.4.1 is not affected?

dtxstg · ‎2022-02-10

Hello,

we are waiting for a patch fixing this issue (TOS version 8.0.1). The last update of the article https://www.talend.com/security/incident-response/ was three weeks ago. The only information regarding a patch for TOS is "Remediation for Talend Open Source is not in scope". Are there any information when a patch for TOS approximately is beeing released?

Anonymous · ‎2022-02-10

I'm afraid a patch for TOS will not be released. It will be fixed in the next version. There are certain mitigation steps you can follow in the article you linked to.

dtxstg · ‎2022-02-10

@Richard Hall Thank you for your fast reply. Is it foreseeable when the next Version of TOS is beeing released?

Anonymous · ‎2022-02-10

Hi @Marc Veitinger,,

I am not currently aware of the schedule for the next release, but I have put a couple of questions out to our R&D team. When I get a response, I will update.

I should point out that they may not have this set in stone as yet since we have only just released v8. If that is the case, it may take a while before I can confirm a period.

Regards

Richard

Big Data

v6.x