我们将 Drools 用于我们的业务规则。 Drools 是否受到 CVE-2021-44228(Log4Shell 或 Log4J/Apache/Java 漏洞)的影响/暴露
最佳答案
The whole KIE ecosystem (Kogito, Drools, OptaPlanner and jBPM) moved to SLF4J, a different logging facade with Logback as default implementation, a few years ago and it is therefore not vulnerable by CVE-2021-44228. Accordingly, our recommendation is to ensure your applications are updated to the latest community versions (at the time of writing, Drools, jBPM, KIE Workbench/Business Central and KIE Server 7.62.0.Final, Kogito 1.14.1.Final, Optaplanner 8.14.0.Final).
从此 blog post .
我们邀请您继续关注博客文章,以防将来有任何进一步的发现。
关于log4j - Drools 业务规则管理是否受 CVE-2021-44228 影响,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70335441/