Is Drools Business Rules Management impacted by CVE-2021-44228

We use Drools for our business rules. Is Drools impacted by or exposed to CVE-2021-44228 (the Log4Shell or Log4J/Apache/Java vulnerability)?

It does not appear so. In this thread you can find all the affected applications: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

The whole KIE ecosystem (Kogito, Drools, OptaPlanner and jBPM) moved to SLF4J, a different logging facade with Logback as default implementation, a few years ago and it is therefore not vulnerable to CVE-2021-44228. Accordingly, our recommendation is to ensure your applications are updated to the latest community versions (at the time of writing, Drools, jBPM, KIE Workbench/Business Central and KIE Server 7.62.0.Final, Kogito 1.14.1.Final, OptaPlanner 8.14.0.Final).

From this blog post

We invite you to keep following the blog post in case there are any further findings in the future.
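
To confirm the answers above for a specific deployment, the following added example (not from either answer or from the KIE project) scans application archives, including libraries nested inside WAR/EAR/fat JAR files, for a bundled copy of log4j-core that another dependency may have pulled in next to Drools. It assumes the presence of `JndiLookup.class` as the marker for log4j-core 2.x and reads the version from the Maven `pom.properties` when present; the helper names are hypothetical.

```python
import io
import os
import sys
import zipfile

# log4j-core class that performs the JNDI lookup abused in CVE-2021-44228.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label):
    """Return [(location, version)] for each log4j-core copy inside an archive (bytes)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive
    findings = []
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names:
            version = "unknown"
            if POM_PROPS in names:
                for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            findings.append((label, version))
        for name in sorted(names):  # recurse into bundled libraries (WEB-INF/lib, fat JARs)
            if name.lower().endswith(ARCHIVE_EXT):
                findings += scan_archive(zf.read(name), f"{label}!/{name}")
    return findings

def scan_tree(root):
    """Scan every archive under a directory, e.g. an application deployment folder."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in sorted(files):
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    findings += scan_archive(fh.read(), path)
    return findings

def make_zip(entries):
    """Build an in-memory archive from {name: bytes}; for constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"log4j-core {version}: {location}")
```

An empty result means no log4j-core copy was found in the scanned archives; any reported version should be compared against the Apache Log4j security advisory.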