Loading

MuleSoft Still Facing Issues with Log4j

Дата публикации: Apr 1, 2026
Описание

You performed any suggested updates to MuleSoft applications, but Microsoft Defender is showing that our organization currently has devices and files vulnerable to Log4j CVE's.

This could be due to needing to delete vulnerable .jars, or updating your runtime, Studio, Munit Runtime, or connectors.

Решение

In order to resolve issues with MuleSoft applications and Log4j CVEs, review the following:

A. Delete your vulnerable .jars

1. If your security team is letting you know a .jar is vulnerable, ask for the path 

2. Delete the jars from the path location

B. Update your Runtime

1. Are you on the latest patched version of Mule Runtime?
Release notes:
https://docs.mulesoft.com/release-notes/mule-runtime/mule-esb

2. How to apply patches:
https://help.salesforce.com/s/articleView?id=How-to-apply-patches-to-Mule-4-x&type=1&language=en_US


C. Update Anypoint Studio

1. Are you using the latest version of Anypoint Studio?
Release notes:
https://docs.mulesoft.com/release-notes/studio/anypoint-studio

2. Please download the latest version of Anypoint Studio:
https://www.mulesoft.com/lp/dl/anypoint-mule-studio

3. Download all of your projects from your older versions of Anypoint Studio to a folder on your local machine 

4. Delete the older versions of Anypoint Studio

5. Update your connectors in your Projects:
Right-click on your project - manage dependencies - manage modules - update all your modules

6. Update Munit Runtime to the latest patch version:
https://docs.mulesoft.com/munit/2.1/runtime-patching

Номер статьи базы знаний

001119635

 
Загрузка
Salesforce Help | Article