FW: Payara products unaffected by Log4j vulnerability

12 views
Skip to first unread message

Kevin Phipps - STFC UKRI

unread,
Dec 14, 2021, 11:46:50 AM12/14/21
to icat...@googlegroups.com

I’ve just received the email below from Payara confirming that Payara Server is not affected by the log4j vulnerability.

 

Cheers,

 

Kevin

 

 

From: The Payara Team <comm...@payara.fish>
Sent: 14 December 2021 16:44
To: Phipps, Kevin (STFC,RAL,SC) <kevin....@stfc.ac.uk>
Subject: Payara products unaffected by Log4j vulnerability

 

The recently reported Log4J vulnerability does not effect Payara Enterprise or Payara Community versions of Payara Server and Payara Micro.

Image removed by sender. logo.png

Hello Kevin

To determine Log4j vulnerability, Payara has investigated its products: 

Payara Server Community

Payara Micro Community

Payara Server Enterprise

Payara Micro Enterprise

Payara Cloud 

and concluded that all remained unaffected.

However, if your application is using the Log4j library,  we recommend that you upgrade to the latest version of Log4J, especially when running on a vulnerable JDK version.

See Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaSec

Thank you,

The Payara Team

Payara Services Ltd   Malvern Hills Science Park  Geraldine Road  Malvern  Worcestershire   WR14 3SZ   United Kingdom

You received this email because you are subscribed to How to Use Payara Products and Services + General Marketing Info from Payara Services Ltd .

Update your email preferences to choose the types of emails you receive.

 Unsubscribe from all future emails  

Image removed by sender.

This email and any attachments are intended solely for the use of the named recipients. If you are not the intended recipient you must not use, disclose, copy or distribute this email or any of its attachments and should notify the sender immediately and delete this email from your system. UK Research and Innovation (UKRI) has taken every reasonable precaution to minimise risk of this email or any attachments containing viruses or malware but the recipient should carry out its own virus and malware checks before opening the attachments. UKRI does not accept any liability for any losses or damages which the recipient may sustain due to presence of any viruses. 

Reply all
Reply to author
Forward
0 new messages