Log4j2 security vulnerability

dlangley · December 10, 2021, 10:06pm

Has Servoy identified any potential fixes for this Log4j2 security vulnerability?

We are using 2021.03. NGClients.

Best Regards,

David Langley

sdevlin · December 10, 2021, 10:21pm

Hi David,

Thanks for posting this on the forum.

This is already on our radar. You can follow in this ticket:
https://support.servoy.com/browse/SVY-16711

It is already patched in the forthcoming release 2021.12 (The RC1 just released but misses this update, but you can get the nightly build)

The fastest way to mitigate is to just set a system property when starting up tomcat (or what webserver you use)

-Dlog4j2.formatMsgNoLookups=true

Topic		Replies	Views
Log4j issues Questions	74	204420	January 26, 2022
Potential Vulnerability with Log4J Announcements	4	6507	December 29, 2021
use sentry with servoy Questions	3	4065	March 20, 2023
Moving from Log4j 1 to Log4j 2 questions Questions	3	2484	January 18, 2022
Servoy Log4j Version Questions	1	37	June 12, 2025