log4j


Irene Vagionakis

Dec 24, 2021, 8:22:10 AM
to EFES users
Dear all,
sorry for the Christmas email, but I wanted to check with you: is it correct that in EFES/Kiln we are using version 1 of log4j, which (although no longer maintained) is not affected by the current vulnerability, and which is not using JMSAppender? If so, is it safe to keep our current version of log4j instead of updating it to log4j 2.17?
Thank you and Happy Holidays to you all!
Irene

Jamie Norrish

Jan 12, 2022, 2:50:34 AM
to efes-...@googlegroups.com
On Fri, 2021-12-24 at 05:22 -0800, Irene Vagionakis wrote:

> sorry for the Christmas email, but I wanted to check with you: is it
> correct that in EFES/Kiln we are using version 1 of log4j, which
> (although no longer maintained) is not affected by the current
> vulnerability, and which is not using JMSAppender? If so, is it safe
> to keep our current version of log4j instead of updating it to log4j
> 2.17?

According to https://nvd.nist.gov/vuln/detail/CVE-2021-44228 the
version used in EFES/Kiln is not vulnerable.

Jamie
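A way to check a deployment for the two points raised in this thread (which log4j major version is bundled, and whether a log4j 1.x configuration enables JMSAppender), as an added example that is not part of the original messages or of EFES/Kiln. The directory layout, function names and sample configuration are constructed assumptions, and the check is filename-based, so it does not see log4j classes repackaged inside other jars.

```python
import re
import tempfile
from pathlib import Path

# Filename patterns: log4j 1.x ships as log4j-1.2.x.jar, log4j 2.x as log4j-core-2.x.y.jar.
JAR_RE = re.compile(r"^log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?(?:-[A-Za-z]+\d*)?\.jar$")
CONFIG_NAMES = {"log4j.properties", "log4j.xml"}

def uses_jms_appender(name, text):
    """True if JMSAppender appears outside comments in a log4j 1.x config."""
    if name.endswith(".xml"):
        text = re.sub(r"<!--.*?-->", "", text, flags=re.S)
    else:
        text = "\n".join(l for l in text.splitlines()
                         if not l.lstrip().startswith(("#", "!")))
    return "JMSAppender" in text

def audit(root):
    """Return [(jar name, finding)] for every log4j jar under root."""
    jars, jms = [], False
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        m = JAR_RE.match(path.name)
        if m:
            jars.append((path.name, tuple(int(g or 0) for g in m.groups())))
        elif path.name in CONFIG_NAMES:
            jms = jms or uses_jms_appender(path.name, path.read_text(errors="replace"))
    findings = []
    for name, version in jars:
        if version[0] == 1:
            state = "1.x, JMSAppender configured" if jms else "1.x, no JMSAppender configured"
        elif version < (2, 17, 0):
            state = "2.x below 2.17"
        else:
            state = "2.x at or above 2.17"
        findings.append((name, state))
    return findings

def demo(properties):
    """Run the audit over a constructed webapp tree (not the EFES/Kiln layout)."""
    with tempfile.TemporaryDirectory() as d:
        lib = Path(d, "WEB-INF", "lib")
        lib.mkdir(parents=True)
        for jar in ("log4j-1.2.17.jar", "log4j-core-2.14.1.jar", "log4j-core-2.17.0.jar"):
            (lib / jar).write_bytes(b"")
        Path(d, "WEB-INF", "log4j.properties").write_text(properties)
        return audit(d)

if __name__ == "__main__":
    for row in demo("# log4j.appender.jms=org.apache.log4j.net.JMSAppender\n"
                    "log4j.rootLogger=INFO, stdout\n"):
        print(*row, sep=": ")
```

Point `audit()` at the unpacked webapp directory of a real installation to get the same per-jar findings.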