Remediation plans to fix the vulnerability for the log4j version

0
During analysis we found that log4j is used in the paths below, and we are presenting a high vulnerability by using these versions. Could you please mention what the remediation plans are to fix the vulnerability?

/opt/oracle.ahf/common/jlib/log4j-api-2.13.3.jar
/opt/oracle.ahf/common/jlib/log4j-core-2.13.3.jar
/opt/perf/newconfig/java/log4j-1.2.8.jar
/opt/perf/newconfig/java/log4j.dtd
/orawork/oracle.ahf/common/jlib/log4j-api-2.13.3.jar
/orawork/oracle.ahf/common/jlib/log4j-core-2.13.3.jar
asked
2 answers
0

I see you are using a very old version of Mendix.

You would need to move up to one of the long term support versions of Mendix as these have security fixes applied to them. 

The closest long term support version to yours is 7.23.

More details on long term support can be found here.
https://docs.mendix.com/releasenotes/studio-pro/lts-mts#lts

answered
0

Mendix published an incident report (updating regularly) for this; maybe it can be helpful:

https://status.mendix.com/incidents/8j5043my610c

 

answered