TechQA.

Is Drools Business Rules Management impacted by CVE-2021-44228

432 views Asked by At

We are using Drools for our business rules. Is Drools impacted/expose to the CVE-2021-44228 (Log4Shell or Log4J/Apache/Java vulnerability

log4j drools log4shell
Original Q&A
2

There are 2 answers

3
tarilabs On BEST ANSWER

The whole KIE ecosystem (Kogito, Drools, OptaPlanner and jBPM) moved to SLF4J, a different logging facade with Logback as default implementation, a few years ago and it is therefore not vulnerable by CVE-2021-44228. Accordingly, our recommendation is to ensure your applications are updated to the latest community versions (at the time of writing, Drools, jBPM, KIE Workbench/Business Central and KIE Server 7.62.0.Final, Kogito 1.14.1.Final, Optaplanner 8.14.0.Final).

from this blog post.

We invite you to keep monitoring the blog post, in the case there might be in the future any further findings.

0
alain.janinm On

Looks like its not the case. In this thread you can find all apps impacted : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

Related Questions in LOG4J

Related Questions in DROOLS

Related Questions in LOG4SHELL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions