Several security vulnerabilities were identified in Apache Log4j 2, a library also present in current KNIME Analytics Platform installations (version 4.4 and 4.5). Details on the vulnerabilities are reported as CVE-2021-44228 and CVE-2021-45046, with more details and links on the Log4j security page.

Neither KNIME Server nor KNIME Analytics Platform is directly affected by these issues. KNIME Server application is not using Log4j. KNIME Analytics Platform uses an older version of Log4j (1.2.15) which is not affected by this issue. The only exception is a library used for processing PMML documents which does use Log4j 2 but is not susceptible to the published exploits.

In any case, we recommend adding the system property -Dlog4j2.formatMsgNoLookups=true at the bottom of the knime.ini. This is one of the official workarounds and safely prevents exploitation of the vulnerability.

Details

Apache Log4j is a library to perform logging of application behavior. After careful review of the corresponding library, the reported vulnerability and the use within KNIME software, we came to the conclusion that the vulnerabilities cannot be exploited in KNIME products.
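
The recommended knime.ini change, as an added example that is not part of the original advisory or KNIME's own tooling: a POSIX shell function that makes the property the last line of a knime.ini only when it is not already set to true, removing a conflicting value first. The function name, the status words it prints and the `.bak` backup are assumptions of this example.

```shell
#!/bin/sh
# Added example (not KNIME's code): apply the workaround idempotently.
# Function name, status words and backup suffix are assumptions.

PROP='-Dlog4j2.formatMsgNoLookups'
PROP_RE='^-Dlog4j2\.formatMsgNoLookups='

# ensure_nolookups FILE
# Prints "unchanged" if FILE already sets the property to true; otherwise
# rewrites FILE with the property as its last line and prints "updated".
ensure_nolookups() {
    ini=$1
    if [ ! -f "$ini" ] || [ ! -w "$ini" ]; then
        echo "cannot edit: $ini" >&2
        return 1
    fi

    # Exact whole-line match; strip CRs so CRLF files are recognised too.
    if tr -d '\r' < "$ini" | grep -qxF -e "${PROP}=true"; then
        echo unchanged
        return 0
    fi

    cp -p "$ini" "$ini.bak" || return 1
    tmp=$(mktemp) || return 1

    # Drop any other setting of the property (e.g. =false) so no conflicting
    # line remains. grep also terminates a final line that had no newline,
    # so the appended property always starts on a line of its own.
    grep -v -e "$PROP_RE" "$ini" > "$tmp" || :
    printf '%s\n' "${PROP}=true" >> "$tmp"

    # Write through the existing file to keep its owner and mode.
    cat "$tmp" > "$ini" && rm -f "$tmp" || return 1
    echo updated
}

# Usage: sh ensure_nolookups.sh /path/to/knime.ini [more ini files...]
for f in "$@"; do
    ensure_nolookups "$f"
done
```

KNIME must be restarted for a changed knime.ini to take effect.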