AEM Forms J2EE Log4J security buelletin

Forum|Forum|4 years ago
February 24, 2022
3 replies
958 views

Hallo,

last year there was the big security bulletin with Log4J. Because of that there was a Fix for AEM Forms J2EE: AEMForms-6.5.0-0038 which updated the Log4J Version to 2.16 in AEM Forms J2EE and we deployed that. After that Log4J Update (V2.16) there were 2 other security buelletins:

CVE-2021-45105

CVE-2021-44832

I am aware that on this page it is described that Adobe Forms J2EE is not affected by these 2 new issuses. But because of the big news regarding to Log4J we have to ask from our security department if it is planned to upgrade to 2.17.1 and if the latest version will be included in a future fix? If so, when will the fix be released?

Best regards,

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by Pulkit_Jain_

@ben97

Log4j 2.17.1 is tentatively going to be part of the upcoming release i.e AEM Forms JEE SP12 (GA March first week).

Hope this helps!

B

Ben97Author

New Participant

@pulkit_jain_ @mayank_tiwari Thank you very much for your very fast replies! That is perfekt!

Mayank_Tiwari

Employee

Log4j version 2.17.1 will be avaialble in 6.5.12 JEE Service Pack.

As per the following link, AEM Forms releases the add-on packages and JEE patch one week after the scheduled AEM Service Pack and Cumulative Fix Pack release date(Feb 24). So, JEE 6.5.12 will be available by March 3.

https://experienceleague.adobe.com/docs/experience-manager-release-information/aem-release-updates/forms-updates/aem-forms-releases.html?lang=en

Pulkit_Jain_Accepted solution

Employee

@ben97

Log4j 2.17.1 is tentatively going to be part of the upcoming release i.e AEM Forms JEE SP12 (GA March first week).

Hope this helps!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded