The 10.7 SP3 APMIA release includes apmia/extensions/AWSExtension/lib/external/log4j-1.2.17.jar.
We are mandated to remediate all components with log4j jars including this version.
Does Broadcom have a workaround or upgrade available to address this?
Release : 10.7.0
In our official communication below on log4j 1.2 vulnerability, 10.7 SP3 Agents are not affected by this because APM is using a forked and customized version of Log4j 1.2 which has been optimized and modified from the original Log4j .
1.2 and APM does not enable the SocketServer or JMSAppender classes. This forked and customized version of Log4j 1.2 is maintained by Broadcom and does not rely on external support.