VMware Horizon Community
ELJohnson
Contributor
Contributor
‎01-04-2022 08:40 AM

Apache has updated Log4j core to 2.17 after the 16th, we are vuln again

Apache has updated Log4j core to 2.17 after the 16th and now are agents are showing vulnerable again. Is VMware addressing this change?

 

We have already updated to the 7.13.1 which came out 12/16/2021 - and it was compliant until Apache updated the Log4j core to 2.17 a week later.

 

 

0 Kudos
1 Reply
FelixYan
VMware Employee
VMware Employee
‎01-13-2022 10:59 PM

Yes, we have aware the new Log4j version. Team is planning the product upgrade according to the risk score based on vulnerability. Please stay tuned to Horizon's release page. Thanks!

0 Kudos