
KIE & Log4j2 exploit CVE-2021-44228

Blog: Drools & jBPM Blog

Log4j 2.x is a widely used Java logging framework. Unfortunately, a few days ago an important security vulnerability was disclosed in it (“Log4Shell”, CVE-2021-44228).

The whole KIE ecosystem (Kogito, Drools, OptaPlanner and jBPM) moved to SLF4J, a different logging facade with Logback as the default implementation, a few years ago, and it is therefore not vulnerable to CVE-2021-44228. Accordingly, our recommendation is to ensure your applications are updated to the latest community versions (at the time of writing: Drools, jBPM, KIE Workbench/Business Central and KIE Server 7.62.0.Final, Kogito 1.14.1.Final, OptaPlanner 8.14.0.Final).

Therefore, if you’re using KIE projects as libraries in your projects, you are not affected by this problem. The only exception is the AppFormer Dashbuilder, which declares a dependency on Log4j2 without actually using it. Dashbuilder is a monitoring component included in Business Central. We are about to remove the dependency declaration just in case.

If you’re declaring and/or using a Log4j2 dependency in your own KIE projects, please make sure to upgrade Log4j2 as soon as possible to version 2.15.0, which solves this problem.
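To check whether your own project pulls in an older Log4j2, the following added example (not code from the original post or from the KIE project) parses the text output of `mvn dependency:tree` and reports `log4j-core` entries older than 2.15.0. The sample tree is constructed for illustration and the function names are hypothetical.

```python
import re

FIXED = (2, 15, 0)  # version the post names as solving CVE-2021-44228

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = """\
[INFO] com.example:my-kie-app:jar:1.0.0
[INFO] +- org.kie:kie-api:jar:7.62.0.Final:compile
[INFO] |  \\- org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO] +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] \\- org.apache.logging.log4j:log4j-core:jar:tests:2.15.0:test
"""

def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable tuple of ints."""
    nums = re.findall(r"\d+", text.split("-")[0])
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def find_vulnerable(tree_output):
    """Return [(version, scope, line_no)] for log4j-core older than FIXED.

    Only log4j-core is flagged: it is the artifact that carries the JNDI
    lookup code affected by CVE-2021-44228; log4j-api alone is skipped.
    """
    hits = []
    for line_no, line in enumerate(tree_output.splitlines(), 1):
        m = re.search(r"org\.apache\.logging\.log4j:log4j-core:\S+", line)
        if not m:
            continue
        # Maven prints group:artifact:type[:classifier]:version:scope,
        # so version and scope are always the last two fields.
        fields = m.group(0).split(":")
        version, scope = fields[-2], fields[-1]
        if parse_version(version) < FIXED:
            hits.append((version, scope, line_no))
    return hits

if __name__ == "__main__":
    for version, scope, line_no in find_vulnerable(SAMPLE_TREE):
        print(f"line {line_no}: log4j-core {version} ({scope}) is older than 2.15.0")
```

To run it against a real project, feed it the text produced by `mvn dependency:tree` instead of the sample.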

We invite you to monitor this blog post, which will be updated in case of any future additional findings.

Further reading: http://slf4j.org/log4shell.html – official statement from SLF4J team

The post KIE & Log4j2 exploit CVE-2021-44228 appeared first on KIE Community.
