Hi Johan,
Has this any imoact on Servoy deployements?
Or older version?
https://tweakers.net/nieuws/190602/erns ... effen.html
jcompagner wrote:we already upped our log4j for the next releases (so from 2022.03 on for sure)
for .12 i have to see because that does mean i need to do a last minute change of libraries..
for older releases i guess in the developer it is fine, but if you deploy you can manually update the WAR file to update to the latest releases of that.
i need to investigate a bit how this exploit can be exploited. what access do you need
rvanderburg wrote:Older versions of Servoy ship with log4j 1.x, this version is no longer supported and should have been replaced already
mboegem wrote:rvanderburg wrote:Older versions of Servoy ship with log4j 1.x, this version is no longer supported and should have been replaced already
I totally agree, but sometimes keeping up with the latest version of Servoy is not as simple.
Any chance that the old log4j library can simply be replaced by the latest version?
Or does this require additional changes in settings files.
The currently known exploit is also prevented by java versions >= 8u121.
The currently known exploit is also prevented by java versions >= 8u191.
Users browsing this forum: No registered users and 2 guests