Hybris SAP Commerce Cloud - Log4j Vulnerability Solution

The Log4j vulnerability is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. I hope by now you are already aware of the Log4j vulnerability (CVE-2021-44228), so in this article I won't cover what the Log4j vulnerability is. Instead, let's talk about the quick solution or precautionary measures for SAP Commerce Hybris.

If your Hybris solution is on-premise or with SAP Infrastructure (CCV1), then you should take preventive measures: either remove the JNDI classes from the existing log4j-core-*.jar or upgrade all log4j libs. For now, let's go with the first option, which looks like a quick and easy fix to me.

1) Create the /hybris/config/customize/platform/ext/core/lib folder structure in your project.
2) Copy the /hybris/bin/platform/ext/core/lib/log4j-core-*.jar file to /hybris/config/customize/platform/ext/core/lib.
3) Go to /hybris/config/customize/platform/ext/core/lib and execute below tw
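Added example (not part of the original post): a Python check for the first option above, reporting for each log4j-core-*.jar under a Hybris directory whether the JNDI lookup class is still inside it. The class path is where log4j-core 2.x keeps JndiLookup; the helper names and the jar version used in the demo are constructed for illustration.

```python
import io
import sys
import tempfile
import zipfile
from pathlib import Path

# Location of the JNDI lookup class inside a log4j-core 2.x jar.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def jar_has_jndi_lookup(jar) -> bool:
    """True if the jar (path or file object) still contains JndiLookup.class."""
    with zipfile.ZipFile(jar) as zf:
        return JNDI_CLASS in zf.namelist()


def scan(root: Path) -> dict:
    """Map each log4j-core-*.jar under root to its JNDI status."""
    results = {}
    for jar in sorted(root.rglob("log4j-core-*.jar")):
        name = jar.relative_to(root).as_posix()
        try:
            present = jar_has_jndi_lookup(jar)
            results[name] = "jndi-present" if present else "jndi-removed"
        except (zipfile.BadZipFile, OSError):
            results[name] = "unreadable"  # corrupt or locked: inspect by hand
    return results


def make_jar(with_jndi: bool) -> bytes:
    """Constructed stand-in jar for the demo (not a real log4j build)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"stub")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"stub")
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # real use: pass the hybris root as the argument
        report = scan(Path(sys.argv[1]))
    else:  # demo: original jar in bin/, patched copy in config/customize/
        with tempfile.TemporaryDirectory() as tmp:
            for sub, jndi in (("bin", True), ("config/customize", False)):
                lib = Path(tmp, "hybris", sub, "platform/ext/core/lib")
                lib.mkdir(parents=True)
                (lib / "log4j-core-0.0.0.jar").write_bytes(make_jar(jndi))
            report = scan(Path(tmp))
    for name, status in report.items():
        print(f"{status:13} {name}")
```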