Log4j2 security vulnerability

Discuss all problems you have with Servoy here. It might help to mention the Servoy version and Operating System version you are using

Log4j2 security vulnerability

Postby dlangley » Sat Dec 11, 2021 12:06 am

Has Servoy identified any potential fixes for this Log4j2 security vulnerability?

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

We are using 2021.03. NGClients.

Best Regards,

David Langley
dlangley
 
Posts: 1
Joined: Sat Dec 11, 2021 12:02 am

Re: Log4j2 security vulnerability

Postby sean » Sat Dec 11, 2021 12:21 am

Hi David,

Thanks for posting this on the forum.

This is already on our radar. You can follow in this ticket:
https://support.servoy.com/browse/SVY-16711

It is already patched in the forthcoming release 2021.12 (The RC1 just released but misses this update, but you can get the nightly build)

The fastest way to mitigate is to just set a system property when starting up tomcat (or what webserver you use)
Code: Select all
-Dlog4j2.formatMsgNoLookups=true
Software Engineer
Servoy USA
sean
 
Posts: 370
Joined: Mon May 21, 2007 6:26 pm
Location: USA


Return to Discuss possible Issues and Bugs

Who is online

Users browsing this forum: No registered users and 7 guests