
Log4j2 security vulnerability

Posted: Sat Dec 11, 2021 12:06 am
by dlangley
Has Servoy identified any potential fixes for this Log4j2 security vulnerability?

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

We are using 2021.03 NGClients.

Best Regards,

David Langley

Re: Log4j2 security vulnerability

Posted: Sat Dec 11, 2021 12:21 am
by sean
Hi David,

Thanks for posting this on the forum.

This is already on our radar. You can follow it in this ticket:
https://support.servoy.com/browse/SVY-16711

It is already patched in the forthcoming release 2021.12 (RC1 was just released and misses this update, but you can get the nightly build).

The fastest way to mitigate is to just set a system property when starting up Tomcat (or whatever web server you use):
Code:
-Dlog4j2.formatMsgNoLookups=true
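
An added example, not part of the post above and not Servoy code: a POSIX shell check that the property is really passed as a JVM option on a Java command line, since the same text placed after the main class or after -jar is only a program argument. The function names and the list of launcher options that take a separate value are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Servoy code. Checks that the property from the post is
# passed as a JVM option, not after the main class where it is a program arg.

# nolookups_state ARGV... -> prints "set" or "unset" for one java command line
nolookups_state() {
    state=unset; skip=0
    [ "$#" -gt 0 ] && shift                      # drop argv[0], the java binary
    for arg in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$arg" in
            -Dlog4j2.formatMsgNoLookups=true) state=set ;;
            # Any other value: treated as unset. If the property repeats, the
            # last occurrence decides (assumption about JVM duplicate handling).
            -Dlog4j2.formatMsgNoLookups=*) state=unset ;;
            # Launcher options whose value is the next word (subset, assumed
            # sufficient for typical Tomcat start scripts).
            -cp|-classpath|--class-path|-p|--module-path|--upgrade-module-path|\
            --add-modules|--add-exports|--add-opens|--add-reads|--patch-module)
                skip=1 ;;
            -jar|-m|--module) break ;;           # application follows
            -*) ;;                               # some other JVM option
            *) break ;;                          # main class: rest is program args
        esac
    done
    echo "$state"
}

# scan_jvms: run the check over every java process visible in /proc (Linux)
scan_jvms() {
    nl='
'
    for f in /proc/[0-9]*/cmdline; do
        old_ifs=$IFS; IFS=$nl; set -f
        # cmdline is NUL-separated; split it back into one word per argument
        set -- $(tr '\0' '\n' 2>/dev/null < "$f")
        set +f; IFS=$old_ifs
        case "${1:-}" in
            java|*/java) echo "${f%/cmdline} $(nolookups_state "$@")" ;;
        esac
    done
}

if [ "${1:-}" = "--scan" ]; then scan_jvms; fi
```

Run the script with `--scan` on the server after restarting Tomcat; any line ending in `unset` is a JVM that did not receive the property.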