dotcms and log4j vulnerability
58 visningar
Hoppa till det första olästa meddelandet
Karias Bolster
13 dec. 2021 04:23:232021-12-13
till dotCMS User Group
Hi,
We are still currently on the progress of migrating our dotcms admin to the latest version but our current version which is community edition 5.2.8 seems to be affected by the log4j zero day vulnerability. My question is, is the latest version does not contain this vulnerability and is there a temporary fix for this in community edition 5.2.8.
Regards
Karias Bolster
13 dec. 2021 04:37:232021-12-13
till dotCMS User Group
I forgot to mention that we are using docker image and by latest i meant the tag latest which was updated a month ago.
Nathan Keiter
13 dec. 2021 09:34:392021-12-13
till dot...@googlegroups.com
Karias,
You need to add a JVM argument to the startup.sh script. Not sure how that would be done in Docker. Typically startup.sh script overrides are done via static plugins.
See here: https://github.com/dotCMS/core/issues/21393
Nathan I. Keiter | Lead Network Applications Programmer
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993
https://www.gettysburg.edu<https://www.gettysburg.edu/>
________________________________
From: dot...@googlegroups.com <dot...@googlegroups.com> on behalf of Karias Bolster <karias....@gmail.com>
Sent: Monday, December 13, 2021 4:37 AM
To: dotCMS User Group
Subject: [dotcms] Re: dotcms and log4j vulnerability
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
________________________________
--
http://dotcms.com<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdotcms.com&c=E,1,M9dzNv46fu6FlqBWTlh0XSVT-VunyEWvEaTFs45ODUhcOqSsjjVwBa4pF2k7HJohpwtbPd1U0tH0PpQw_yLBM33jy7Tn4XEFbKOYw6cHKuyvXLLk5UKv5zkoQEI,&typo=1> - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com<mailto:dotcms+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/ab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%40googlegroups.com<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgroups.google.com%2fd%2fmsgid%2fdotcms%2fab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%2540googlegroups.com%3futm_medium%3demail%26utm_source%3dfooter&c=E,1,7ZAp4ucPWYp_abRZPTNlNDRgkzIVoIkQzLkb83wZ0u0Thtv0tMe_XxWcHw0ahqfJisVsrlj1UbjBn5pBFhmDtWS1QLZfqmJQx3KcXOYCR2-7B9lWxu4oNywuWegV&typo=1>.
You need to add a JVM argument to the startup.sh script. Not sure how that would be done in Docker. Typically startup.sh script overrides are done via static plugins.
See here: https://github.com/dotCMS/core/issues/21393
Nathan I. Keiter | Lead Network Applications Programmer
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993
https://www.gettysburg.edu<https://www.gettysburg.edu/>
________________________________
From: dot...@googlegroups.com <dot...@googlegroups.com> on behalf of Karias Bolster <karias....@gmail.com>
Sent: Monday, December 13, 2021 4:37 AM
To: dotCMS User Group
Subject: [dotcms] Re: dotcms and log4j vulnerability
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
________________________________
http://dotcms.com<https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fdotcms.com&c=E,1,M9dzNv46fu6FlqBWTlh0XSVT-VunyEWvEaTFs45ODUhcOqSsjjVwBa4pF2k7HJohpwtbPd1U0tH0PpQw_yLBM33jy7Tn4XEFbKOYw6cHKuyvXLLk5UKv5zkoQEI,&typo=1> - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com<mailto:dotcms+un...@googlegroups.com>.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/ab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%40googlegroups.com<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgroups.google.com%2fd%2fmsgid%2fdotcms%2fab1cca50-14e3-46d0-aa7d-08cfc08eb03bn%2540googlegroups.com%3futm_medium%3demail%26utm_source%3dfooter&c=E,1,7ZAp4ucPWYp_abRZPTNlNDRgkzIVoIkQzLkb83wZ0u0Thtv0tMe_XxWcHw0ahqfJisVsrlj1UbjBn5pBFhmDtWS1QLZfqmJQx3KcXOYCR2-7B9lWxu4oNywuWegV&typo=1>.
Svara alla
Svara författaren
Vidarebefordra
0 nya meddelanden