log4j vulnerability in mendix version 9.2.0

-1
Mendix 9.2.0 version is using log4j (log4j-core-2.11.1.jar and log4j-api-2.11.1.jar). What is procedure to update log4j version (above 2.14.0). Need your support on this.
asked
1 answers
1

Mendix 9.2 itself might use them, but only for Studio Pro itself, not the resulting application. So no harm here. 

Though it can be that you are using a (older) Marketplace module which is affected.

See these threads for more help;

https://forum.mendix.com/link/questions/111799 

https://forum.mendix.com/link/questions/111800

Mendix own statement: 

https://status.mendix.com/incidents/8j5043my610c 

 

answered