[jakarta.ee-wg] Developers with implementations using Log4J, please read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jakarta.ee-wg] Developers with implementations using Log4J, please read

From: Ed Bratt <ed.bratt@xxxxxxxxxx>
Date: Fri, 10 Dec 2021 10:08:28 -0800
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fqZjeB82xF5IPvAzEBj/LlYvGaal2K//yAWBqZhhc4k=; b=J1Hucn0g8T/L6+G4QEnttopcFmWiPZzp0LIaf4d7/iEY6YlZSjD51wOFNgDCCVteo/A0MfNmwwzUwhojWsXoFf+zFhJc30TNKs/XORQnc5tEUoo8ZvwTpch0sJV/dqytXlBPFcORlKKk4O//BcViUJk3rWxWAkqN1X2gtPn0Dkxb9/2l2CbPJoxa5g9xE2UDLSiG3pgYJEosQjgxq3lJeL9dskMXZj7Zpgi9Ak40gbIrzADDlRo90yBXvkFPG0+EnScNJxOw3PBhFVw5J1LSaioGWbLy7fILZ+V6++OmKn9ShTfdiyleINr4z5jyjAMYvqO/up58lFy9oMpxYpV8+Q==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kRuOy8Vi14fXCVLbJ4SFH383PdSXvC2AIvXG1vEi+AbsrRSQBlHjSmw1DMHG32ilhibriNa/vxYjnbEhTq1Ebp/TfkRS07l5qy6XH18keNatxwYvJa+vrwkNZZQJe+OMZzc9O+OB3hCwQWpNpzYbhvsAJc9CgNN3prBf2ki/jdaPF5BTPShH7D6dfzQ8A39HF6o6vyxpfdkPEye1AYhkFRU685q/5mx6RRPTS4i8DWuwaWuxzJEnFdwO4XLHKcjdA5tpcqvy/N9/qk2xzcXTYuPJvh6asxIrvxmvswBhzVgLpA+aJY+Sx9h2KUFJbgMSamF0SA+iBsi4FH/HD1Qraw==
Delivered-to: jakarta.ee-wg@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jakarta.ee-wg/>
List-help: <mailto:jakarta.ee-wg-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakarta.ee-wg>, <mailto:jakarta.ee-wg-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakarta.ee-wg>, <mailto:jakarta.ee-wg-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0

All Java implementations that use Log4J should review this vulnerabilityreport https://www.lunasec.io/docs/blog/log4j-zero-day/. It is alsologged as https://nvd.nist.gov/vuln/detail/CVE-2021-44228


Work-arounds as well as remediation options are given in the post.

Happy Friday!

-- Ed

Prev by Date: [jakarta.ee-wg] JakartaOne Livestream 2021 - Pizza time!
Next by Date: [jakarta.ee-wg] Happy Holidays!
Previous by thread: [jakarta.ee-wg] JakartaOne Livestream 2021 - Pizza time!
Next by thread: [jakarta.ee-wg] Happy Holidays!
Index(es):
- Date
- Thread

Breadcrumbs