Loading

MuleSoft Still Facing Issues with Log4j

Veröffentlichungsdatum: Apr 1, 2026
Beschreibung

You performed any suggested updates to MuleSoft applications, but Microsoft Defender is showing that our organization currently has devices and files vulnerable to Log4j CVE's.

This could be due to needing to delete vulnerable .jars, or updating your runtime, Studio, Munit Runtime, or connectors.

Lösung

In order to resolve issues with MuleSoft applications and Log4j CVEs, review the following:

A. Delete your vulnerable .jars

1. If your security team is letting you know a .jar is vulnerable, ask for the path 

2. Delete the jars from the path location

B. Update your Runtime

1. Are you on the latest patched version of Mule Runtime?
Release notes:
https://docs.mulesoft.com/release-notes/mule-runtime/mule-esb

2. How to apply patches:
https://help.salesforce.com/s/articleView?id=How-to-apply-patches-to-Mule-4-x&type=1&language=en_US


C. Update Anypoint Studio

1. Are you using the latest version of Anypoint Studio?
Release notes:
https://docs.mulesoft.com/release-notes/studio/anypoint-studio

2. Please download the latest version of Anypoint Studio:
https://www.mulesoft.com/lp/dl/anypoint-mule-studio

3. Download all of your projects from your older versions of Anypoint Studio to a folder on your local machine 

4. Delete the older versions of Anypoint Studio

5. Update your connectors in your Projects:
Right-click on your project - manage dependencies - manage modules - update all your modules

6. Update Munit Runtime to the latest patch version:
https://docs.mulesoft.com/munit/2.1/runtime-patching

Nummer des Knowledge-Artikels

001119635

 
Laden
Salesforce Help | Article