Wildfly 9 and 18 logmanager

38 views
Skip to first unread message

Shiva Kumar

unread,
Jan 5, 2022, 10:42:01 AMJan 5
to WildFly
I am using wildfly 9 and 18 which is using log4j 1.2.16 in log4j-jboss-logmanager module which is vulnerable. I have seen some solutions by deleting JMSadapter and Lookup classes from server source.But i want to migrate log4j 1.2.16 to log4j2 version or migrate module it self for more security reasons.please tell me how can this is achievable?

James Perkins

unread,
Jan 5, 2022, 11:18:49 AMJan 5
to WildFly
The vulnerability you're thinking of does not affect log4j1. There is a CVE in log4j 1, but it only has to do with the JMSAppender. If you're not using a log4j 1 configuration file in your deployment that creates a JMSAppender you've got no issues. Even then you'd likely still not be vulnerable.

If you use log4j 2 in your deployment you'll want to upgrade it to 2.17.1 and redeploy it.

Reply all
Reply to author
Forward
0 new messages