log4j security issue
Posted: 13 Dec 2021, 06:15
Hi,
is there any kind of mitigation plan soon for 6.2 servers, as it includes log4j 1.2 and log4j 2.7, which are susceptible to the issue https://logging.apache.org/log4j/2.x/security.html
Code:
$ unzip -t madsonic.war |grep log4
testing: WEB-INF/lib/slf4j-log4j12-1.7.22.jar OK
testing: WEB-INF/lib/log4j-1.2-api-2.7.jar OK
testing: WEB-INF/lib/log4j-1.2.17.jar OK
testing: WEB-INF/lib/log4j-api-2.7.jar OK
testing: WEB-INF/lib/log4j-core-2.7.jar OK
testing: WEB-INF/classes/log4j.properties OK
testing: WEB-INF/classes/log4j2.xml OK
According to the changelog of 7.0, Server 7.0.10360 20/04/2019, same thing:
Upgrade LIB: log4j 2.7
but I cannot find the jar in the madsonic.war
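An added example, not part of the original post and not Madsonic code: a Python inventory of the log4j-related jars inside a WAR, which goes one step further than the `unzip -t` listing above by opening each bundled jar and reporting whether it still contains the `JndiLookup` class. The names `scan_war` and `build_sample_war` are hypothetical, and the sample WAR is constructed in memory from stub jars named after the listing.

```python
import io
import re
import zipfile

# Class removed by the Apache-documented JNDI lookup mitigation for log4j-core 2.x.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Splits e.g. "log4j-1.2-api-2.7.jar" into artifact "log4j-1.2-api" and version "2.7".
JAR_RE = re.compile(r"WEB-INF/lib/([\w.-]*log4j[\w.-]*?)-(\d+(?:\.\d+)*)\.jar$")


def scan_war(war):
    """Return one finding per log4j-related jar in a WAR (path or file object)."""
    findings = []
    with zipfile.ZipFile(war) as outer:
        for name in sorted(outer.namelist()):
            m = JAR_RE.fullmatch(name)
            if not m:
                continue
            try:
                with zipfile.ZipFile(io.BytesIO(outer.read(name))) as jar:
                    has_jndi = JNDI_CLASS in jar.namelist()
            except zipfile.BadZipFile:
                has_jndi = None  # unreadable jar: inspect by hand
            findings.append({"jar": name, "artifact": m.group(1),
                             "version": m.group(2), "jndi_lookup": has_jndi})
    return findings


def build_sample_war():
    """Constructed in-memory WAR mirroring the listing in the post (stub jars)."""
    def jar(*members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for member in members:
                z.writestr(member, b"")
        return buf.getvalue()

    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/lib/slf4j-log4j12-1.7.22.jar", jar("META-INF/MANIFEST.MF"))
        z.writestr("WEB-INF/lib/log4j-1.2.17.jar", jar("org/apache/log4j/Logger.class"))
        z.writestr("WEB-INF/lib/log4j-api-2.7.jar", jar("META-INF/MANIFEST.MF"))
        z.writestr("WEB-INF/lib/log4j-core-2.7.jar", jar(JNDI_CLASS))
        z.writestr("WEB-INF/classes/log4j2.xml", b"<Configuration/>")
    war.seek(0)
    return war


if __name__ == "__main__":
    for f in scan_war(build_sample_war()):
        print(f"{f['artifact']:<16}{f['version']:<8}JndiLookup={f['jndi_lookup']}")
```

To check a real deployment, pass the path of the WAR file to `scan_war` instead of the constructed sample.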