We are on open JDK 8 so it looked like that could be a possibility according to https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476but I wasn't sure if this applies to archivematica
--
You received this message because you are subscribed to the Google Groups "archivematica" group.
To unsubscribe from this group and stop receiving emails from it, send an email to archivematic...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/archivematica/af6275b8-a3a9-4285-b794-ff8001b5e00en%40googlegroups.com.
Thanks for this information you provided and the associated fix at the URL below. I wanted to let you know we attempted the patch recommended in the document for RedHat/CentOS servers, and yet our InfoSec’s vulnerability scanner still indicated that our Archivematica servers were vulnerable. As a result and because we are transitioning off of Archivematica, we are shutting these down in the very near term
I just wanted to let you know so you could further investigate a fix for RedHat/CentOS usersTo view this discussion on the web visit https://groups.google.com/d/msgid/archivematica/3d84a5db-bcc9-4d4e-881d-9b798a91f353n%40googlegroups.com.