Mitigating Log4J Security Vulnerability

On December 12, 2021, it was reported that Apache Log4J 2.x, a widely used Java logging framework, is exposed to a serious security vulnerability. OpenRules Decision Manager, like many other Java-based products, uses Log4J. To mitigate this problem, we quickly switched to the recommended version 2.15.0 of log4j, which was supposed to remove the above vulnerability. However, on December 14 a second vulnerability was discovered, and Apache released version 2.16.0 to address the problem.

Given the seriousness of these events, we decided to create a new emergency release 8.4.3 of OpenRules Decision Manager that uses log4j version 2.16.0 (not 2.15.0). We have already built the first version of 8.4.3, and it is going through thorough testing. For urgent situations, we have made the evaluation version 8.4.3 available from here. Our team will continue to work hard to make sure that a well-tested Release 8.4.3 is available to all customers tomorrow morning. If you have any questions, please contact support@openrules.com.
