Hi,

In the news there is a lot of discussion about the CVE-2021-44228 log4j exploit.

I notice that Knowage is using log4j. With the exploit just being in the news, I wonder whether you could explain whether the Knowage systems are safe or not? I notice that in the version we're using older versions of log4j are used. Also I notice that Apache does not make a statement about these versions of log4j anymore.

But perhaps you can tell which versions of Knowage do have a problem and whether there is a quick solution to it?

Best regards and thanks in advance,

Freek
Environment Ubuntu, Knowage 7.1.7
in Standard by (290 points)

1 Answer

+1 vote

Dear @freek,
as far as we know:

  1. the vulnerable log4j Java class is not contained in the Knowage log4j version, therefore I think this vulnerability does not apply;
  2. the log4j configuration in Knowage does not match the vulnerable ones.

Therefore we do not see critical risks at the moment.
If you have more information and you see critical risks, please share it with us.
Anyhow, we are evaluating the migration to the latest log4j version asap.
Thanks
Davide

by (1.9k points)
Thanks Davide for the quick response,

That is great news.

Best regards,

Freek
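
One way to check the first point of the answer on your own installation, as an added example (not code from this thread or from the Knowage project): the script walks a directory and reports every archive, including jars nested inside war files, that contains `JndiLookup.class`, the log4j-core 2.x class behind CVE-2021-44228. The archive names built in `demo()` are constructed samples, not Knowage's real file names.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Class behind the CVE-2021-44228 lookup; it ships in log4j-core 2.x, not in log4j 1.x.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label, hits):
    """Append label to hits if the archive holds JndiLookup.class; recurse into nested archives."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return  # wrong extension or damaged file, nothing to inspect
    with zipfile.ZipFile(buf) as zf:
        for name in zf.namelist():
            if name == JNDI_LOOKUP or name.endswith("/" + JNDI_LOOKUP):
                hits.append(label)  # second test covers fat jars with a path prefix
            elif name.lower().endswith(ARCHIVE_EXT):
                scan_archive(zf.read(name), label + "!" + name, hits)

def scan_tree(root):
    """Return the sorted locations under root whose archive contains the class."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            scan_archive(path.read_bytes(), path.relative_to(root).as_posix(), hits)
    return sorted(hits)

def make_zip(entries):
    """Build a zip archive in memory from {entry name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def demo():
    """Constructed tree: a 1.x-style jar and a war that bundles a 2.x core jar."""
    v1 = make_zip({"org/apache/log4j/Logger.class": b"x"})
    v2 = make_zip({JNDI_LOOKUP: b"x"})
    war = make_zip({"WEB-INF/lib/log4j-core-sample.jar": v2})
    with tempfile.TemporaryDirectory() as root:
        Path(root, "log4j-1.x-sample.jar").write_bytes(v1)
        Path(root, "app-sample.war").write_bytes(war)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

To use it on a real system, call `scan_tree()` with the application server's deployment directory; an empty list means no archive under that directory contains the class.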