Log4j vulnerabaility
jomonthomaslobo opened this issue · 1 comments
jomonthomaslobo commented
Is there any patches released for Log4j vulnerability ?
davide-zerbetto commented
Dear @jomonthomaslobo
if you refer to CVE-2021-44228, as far as we know:
- vulnerable Java class is not contained in Knowage log4j version;
- log4j configuration in Knowage does not match the vulnerable ones.
Therefore we do not see critical risks at the moment.
If you have more information and you see critical risks, please share with us.
Thanks
Davide