log4j vulnerability impact on Alfresco community edition
I would like to know whether any of the Alfresco Community edition components are affected by CVE-2021-44228
In alfresco-community-repo(8.423), I could see that Alfresco Core has log4j 1.2.17 in pom.xml. Also, Alfresco repository uses mybatis-3.3.0 which has dependency on log4j-core 2.14.1.
Please share some insights on this and also on other components like - acs-community-packaging (7.0.0) - Alfresco share (alfresco-share-parent-7.0.0) - Alfresco Search Services (2.0.1) - Alfresco Activemq - Alfresco acs-community-ingress (alfresco-acs-nginx-3.1.1)