Log4j vulnerability

[Kaz C]

Hi,

Regarding the log4j vulnerability identified recently, is Browsermob Proxy affected?

Haven't been able to find out if it is or what version of log4j it is running.

Thanks.

[⇜Krishnan Mahadevan⇝]

The version information is available in the pom file (2.9.0)

https://github.com/lightbody/browsermob-proxy/blob/master/pom.xml#L71

You can also get this information from mvnrepository.com https://mvnrepository.com/artifact/net.lightbody.bmp/browsermob-proxy/2.1.5

Thanks & Regards
Krishnan Mahadevan

"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/

My Technical Scribblings @ https://rationaleemotions.com/

--

---
You received this message because you are subscribed to the Google Groups "BrowserMob Proxy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to browsermob-pro...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/browsermob-proxy/f45c29b3-82c9-4fc4-92ff-fc9e3a3b57bdn%40googlegroups.com.

[Kaz C]

Thanks Krishnan. I see it's using an affected version of log4j.

[⇜Krishnan Mahadevan⇝]

You can always add an exclusion of that version and then explicitly add a new version.

Additionally, I also read that you can add a JVM argument to disable that behaviour.

Please refer here: https://stackoverflow.com/q/70313982

Thanks & Regards
Krishnan Mahadevan

"All the desirable things in life are either illegal, expensive, fattening or in love with someone else!"
My Scribblings @ http://wakened-cognition.blogspot.com/

My Technical Scribblings @ https://rationaleemotions.com/

To view this discussion on the web visit https://groups.google.com/d/msgid/browsermob-proxy/8fbcc1a6-12fa-49b4-96e1-3fe034c3be25n%40googlegroups.com.