Summary
Product |
Cloud / On-Prem |
Version |
Mitigation |
Patch |
ESB Runtime
|
Both |
8.0 |
Add "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument and restart runtime. Additional details below in section « Mitigation steps for ESB Runtime » |
TPS-5064-RT (23-DEC-2021) |
7.3 |
Add "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument and restart runtime Additional details below in section « Mitigation steps for ESB Runtime » |
TPS-5061-RT (28-DEC-2021) |
||
7.2 |
Additional details below in section « Mitigation steps for ESB Runtime » |
TPS-5060-RT (23-DEC-2021) |
||
7.1.1 (EOL) |
Impacted |
TPS-5069 (23-DEC-2021) |
||
IAM |
On-Prem |
8.0 |
Add "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument and restart IAM. Additional details below in section « Mitigation steps for IAM » |
TPS-5054 (17-DEC-2021) |
7.3 |
Add "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument and restart IAM. Additional details below in section « Mitigation steps for IAM » |
TPS-5055 (17-DEC-2021)
|
||
7.2 |
Add "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument and restart IAM. Additional details below in section « Mitigation steps for IAM » |
TPS-5056 (17-DEC-2021)
|
||
7.1.1 (EOL) |
Impacted |
TPS-5071 (27-DEC-2021) |
||
JobServer
|
On-Prem |
8.0 |
Set environment variable JAVA_TOOL_OPTIONS=-Dlog4j2.formatMsgNoLookups=true in JobServer start script and restart JobServer.Additional details below in section « Mitigation steps for JobServer » |
TPS-5039 (17-DEC-2021)
|
7.3 |
Set environment variable JAVA_TOOL_OPTIONS=-Dlog4j2.formatMsgNoLookups=true in JobServer start script and restart JobServer.Additional details below in section « Mitigation steps for JobServer » |
TPS-5040 (16-DEC-2021)
|
||
7.2 |
Set environment variable JAVA_TOOL_OPTIONS=-Dlog4j2.formatMsgNoLookups=true in JobServer start script and restart JobServer.Additional details below in section « Mitigation steps for JobServer » |
TPS-5043 (17-DEC-2021)
|
||
7.1.1 (EOL) |
No Impact |
No Impact |
||
LogServer |
On-Prem |
8.0 |
TPS-5057 (17-DEC-2021)
|
|
7.3 |
TPS-5058 (17-DEC-2021)
|
|||
7.2 |
TPS-5059 (17-DEC-2021)
|
|||
7.1.1 (EOL) |
Impacted |
TPS-5072 (24-DEC-2021)
|
||
MDM
|
On-Prem |
8.0 |
For MDM, the issue can be mitigated by specifying "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when starting Tomcat. For running jobs in MDM, the issue can be mitigated by modifying every logging pattern layout " %m" by " %m{nolookups}" in log4j-jobox.xml. See additional details in « Mitigation steps for MDM » |
TPS-5052 (24-DEC-2021)
|
7.3 |
For MDM, the issue can be mitigated by specifying "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when starting Tomcat. For running jobs in MDM, the issue can be mitigated by modifying every logging pattern layout " %m" by " %m{nolookups}" in log4j-jobox.xml. See additional details in « Mitigation steps for MDM » |
TPS-5019 (21-DEC-2021)
|
||
7.2 |
No Impact |
No Impact |
||
7.1.1 (EOL) |
No Impact |
No Impact |
||
Remote Engine Gen1 |
Both |
All |
Additional details below in section « Mitigation steps for Remote Engine Gen 1 » |
RE 2.11.7 (24-DEC-2021)
|
Remote Engine Gen1 (Marketplace) |
Both
|
All
|
Additional details below in section « Mitigation steps for Remote Engine Gen 1 »
|
RE 2.11.7 (31-DEC-2021) |
Remote Engine Gen2 |
Both
|
All |
If your Remote Engine Gen 2 is R2021-12, you need to restart each Remote Engine to automatically get the fix. If you are on lower version than R2021-12, you need to upgrade and restart to get the fix. |
R2021-12 |
Stitch Data Loader |
Cloud |
All |
No Impact |
No Impact |
Talend Administration Center (TAC) |
On-Prem |
8.0 |
set "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when starting Tomcat. See additional details in « Mitigation steps for TAC » |
TPS-5053 (21-DEC-2021)
|
7.3 |
set "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when starting Tomcat. See additional details in « Mitigation steps for TAC » |
TPS-5025 (17-DEC-2021)
|
||
7.2 |
No Impact |
No Impact |
||
7.1.1 (EOL) |
No Impact |
No Impact |
||
Talend Cloud Applications |
Cloud |
All |
N/A |
Fixed |
Talend Data Catalog |
Cloud |
All |
No impact |
No Impact |
On-Prem |
All |
Update your environment to the latest TDC version which includes Apache Log4j v2.17, by upgrading to TDC-7.3-20220105 or higher. |
TDC-7.3-20220105 (05-JAN-2022) |
|
Talend Data Preparation |
Both |
8.0 |
No Impact |
No Impact |
7.3.1 |
No Impact |
No Impact |
||
7.2.1 |
No Impact |
No Impact |
||
7.1.1 (EOL) |
No Impact |
No Impact |
||
Talend Data Stewardship |
Both |
8.0 |
No Impact |
No Impact |
7.3.1 |
No Impact |
No Impact |
||
7.2.1 |
No Impact |
No Impact |
||
7.1.1 (EOL) |
No Impact |
No Impact |
||
Talend Studio |
Cloud |
8.0 |
For running jobs, the issue can be mitigated by specifying: "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when running the job. Additional details below in section « Mitigation steps for Talend Studio » |
R2021-12_v1 (23-DEC-2021) |
7.3 |
For running jobs, the issue can be mitigated by specifying: "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when running the job. Additional details below in section « Mitigation steps for Talend Studio » |
R2021-12_v2 (21-DEC-2021)
|
||
7.2 |
For running jobs, the issue can be mitigated by specifying: "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when running the job. Additional details below in section « Mitigation steps for Talend Studio » |
TPS-5062 (27-DEC-2021)
|
||
On-Prem |
8.0 |
For running jobs, the issue can be mitigated by specifying: "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when running the job. Additional details below in section « Mitigation steps for Talend Studio » |
R2021-12_v1 (23-DEC-2021)
|
|
7.3 |
For running jobs, the issue can be mitigated by specifying: "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when running the job. Additional details below in section « Mitigation steps for Talend Studio » |
R2021-12_v2 (21-DEC-2021)
|
||
7.2 |
No impact on job execution Studio - Impact with license for Data Quality (Data Profiler using ElasticSearch)
|
TPS-5062 (27-DEC-2021)
|
||
7.1.1 (EOL) |
No impact on job execution Studio - Impact with license for Data Quality (Data Profiler using ElasticSearch) |
TPS-5065 (27-DEC-2021) |
Remediation for Talend Open Source is not in scope. End-of-Life versions evaluations have been completed. For further details, please contact Talend Support.
Important Note :
Regarding the artifacts built from Studio v8.0 or v7.3, you need to install the latest Studio patch and then recompile and republish these artifacts in order to be fully protected.
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!