AgilQuest is aware of the Log4j vulnerability reported under CVE-2021-44228 as reported by NIST (https://nvd.nist.gov/vuln/detail/CVE-2021-44228). The core Forum application stack for AgilQuest Forum is built upon the Wildfly application server. Wildfly does not and never has included the specific components impacted by CVE-2021-44228. Please follow this link for more detail: https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/.
AgilQuest Forum does make use of Log4j in an auxiliary component used for server based data import. AgilQuest found that the specific version in use did fall within the range of impacted versions Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3). AgilQuest immediately assigned resources to update the component to Log4j 2.17.0 as directed under the Apache Software Foundation’s published vulnerability mitigation (https://logging.apache.org/log4j/2.x/). The update has been implemented within the application, tested, and published up through and into production.
If you should have any additional concerns or questions, please reach out to the AgilQuest Customer Success Team.
Comments
0 comments
Please sign in to leave a comment.