Is Drools Business Rules Management impacted by CVE-2021-44228

Question

Is Drools Business Rules Management impacted by CVE-2021-44228

418 views Asked by Stephen At 13 December 2021 at 13:28

We are using Drools for our business rules. Is Drools impacted/expose to the CVE-2021-44228 (Log4Shell or Log4J/Apache/Java vulnerability

Original Q&A

There are 2 answers

alain.janinm On 13 December 2021 at 16:45

Looks like its not the case. In this thread you can find all apps impacted : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

**tarilabs** · Accepted Answer · 2021-12-13 19:08:43

The whole KIE ecosystem (Kogito, Drools, OptaPlanner and jBPM) moved to SLF4J, a different logging facade with Logback as default implementation, a few years ago and it is therefore not vulnerable by CVE-2021-44228. Accordingly, our recommendation is to ensure your applications are updated to the latest community versions (at the time of writing, Drools, jBPM, KIE Workbench/Business Central and KIE Server 7.62.0.Final, Kogito 1.14.1.Final, Optaplanner 8.14.0.Final).

from this blog post.

We invite you to keep monitoring the blog post, in the case there might be in the future any further findings.

TechQA.

Is Drools Business Rules Management impacted by CVE-2021-44228

There are 2 answers

Related Questions in LOG4J

Related Questions in DROOLS

Related Questions in LOG4SHELL

Popular Questions

Popular Tags

Trending Questions