Log4Shell patch availability

Colin Findlay

unread,

Dec 13, 2021, 4:39:27 PM12/13/21

to Kill Bill users mailing-list

Is KillBill susceptible to the announced Log4Shell vulnerability? If so, will there be patches issued for the older Docker releases? i.e. 0.20 & 0.18?

Regards

Colin Findlay

stephane brossier

unread,

Dec 13, 2021, 4:42:30 PM12/13/21

to Colin Findlay, Kill Bill users mailing-list

Kill Bill relies on slf4j and not log4j - also, the expectation is that Kill Bill is a backend system not directly visible to consumers and hopefully deployed behind a firewall or VPC.

--
You received this message because you are subscribed to the Google Groups "Kill Bill users mailing-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to killbilling-us...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/killbilling-users/61057b8e-89ae-4df1-8963-d3368c3ce74fn%40googlegroups.com.

Colin Findlay

unread,

Dec 13, 2021, 4:45:56 PM12/13/21

to stephane brossier, Kill Bill users mailing-list

Excellent news Stephane, thank you for the very quick response! My mistake for not checking the code 😊

We do of course have everything firewalled off – but for internal compliance, a statement regarding the issue from the platform maintainers ticks some boxes!