Is Drools Business Rules Management impacted by CVE-2021-44228

475 Views Asked by Stephen At 13 December 2021 at 13:28

We are using Drools for our business rules. Is Drools impacted/expose to the CVE-2021-44228 (Log4Shell or Log4J/Apache/Java vulnerability

Original Q&A

There are 2 best solutions below

tarilabs On 13 December 2021 at 19:08 BEST ANSWER

The whole KIE ecosystem (Kogito, Drools, OptaPlanner and jBPM) moved to SLF4J, a different logging facade with Logback as default implementation, a few years ago and it is therefore not vulnerable by CVE-2021-44228. Accordingly, our recommendation is to ensure your applications are updated to the latest community versions (at the time of writing, Drools, jBPM, KIE Workbench/Business Central and KIE Server 7.62.0.Final, Kogito 1.14.1.Final, Optaplanner 8.14.0.Final).

from this blog post.

We invite you to keep monitoring the blog post, in the case there might be in the future any further findings.

alain.janinm On 13 December 2021 at 16:45

Looks like its not the case. In this thread you can find all apps impacted : https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

Is Drools Business Rules Management impacted by CVE-2021-44228

There are 2 best solutions below

Related Questions in LOG4J

Related Questions in DROOLS

Related Questions in LOG4SHELL

Trending Questions

Popular # Hahtags

Popular Questions