Hybris SAP Commerce Cloud - Log4j Vulnerability Solution
The Log4j vulnerability is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. I hope by now you are already aware of Log4j Vulnerability (CVE-2021-44228) . Hence, In this article, I'll not cover more about what log4j vulnerability is. Now let's talk about what is the quick solution or precautionary measures for the SAP Commerce Hybris. If your Hybris solution is on-premise or with SAP Infrastructure (CCV1) then you should take preventive measures either removing JNDI classes from existing log4j-core-*.jar or upgrading all log4j libs. As of now, let's go with the first option which looks like a quick and easy fix to me. 1) Create /hybris/config/customize/platform/ext/core/lib folder structure in your project 2) Copy /hybris/bin/platform/ext/core/lib/log4j-core- .jar* file to /hybris/config/customize/platform/ext/core/lib 3) Go to /hybris/config/customize/platform/ex...