Wildfly 9 and 18 logmanager

Shiva Kumar

Jan 5, 2022, 10:42:01 AM
to WildFly
I am using WildFly 9 and 18, which use log4j 1.2.16 in the log4j-jboss-logmanager module, which is vulnerable. I have seen some solutions that delete the JMSadapter and Lookup classes from the server source. But I want to migrate log4j 1.2.16 to the log4j2 version, or migrate the module itself, for more security reasons. Please tell me how this can be achieved.

James Perkins

Jan 5, 2022, 11:18:49 AM
to WildFly
The vulnerability you're thinking of does not affect log4j1. There is a CVE in log4j 1, but it only has to do with the JMSAppender. If you're not using a log4j 1 configuration file in your deployment that creates a JMSAppender you've got no issues. Even then you'd likely still not be vulnerable.

If you use log4j 2 in your deployment you'll want to upgrade it to 2.17.1 and redeploy it.
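
One way to run the two checks from the reply above over a deployment archive, as an added example that is not part of the original thread: it flags log4j 1 configuration files that declare a JMSAppender and bundled log4j-core JARs older than 2.17.1. The function names, finding labels and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"  # log4j 1.x appender class
LOG4J1_CONFIGS = ("log4j.properties", "log4j.xml")
CORE_JAR = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
FIXED = (2, 17, 1)  # log4j 2 version named in the reply above

def active_text(base, raw):
    """Decode a config file and drop commented-out content."""
    text = raw.decode("utf-8", "replace")
    if base.endswith(".xml"):
        return re.sub(r"<!--.*?-->", "", text, flags=re.S)
    return "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("#", "!")))

def scan_archive(data, prefix=""):
    """Scan WAR/EAR/JAR bytes, recursing into nested archives; return findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            base, path = name.rsplit("/", 1)[-1], prefix + name
            core = CORE_JAR.search(base)
            if base in LOG4J1_CONFIGS and JMS_APPENDER in active_text(base, zf.read(name)):
                findings.append(("jms-appender-configured", path))
            elif core and tuple(int(g or 0) for g in core.groups()) < FIXED:
                findings.append(("log4j2-below-2.17.1", path))
            elif base.endswith((".jar", ".war", ".ear")) and not core:
                try:
                    findings.extend(scan_archive(zf.read(name), path + "!/"))
                except zipfile.BadZipFile:
                    pass  # not a readable archive; skip it
    return findings

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample deployment (not from the thread).
SAMPLE_WAR = make_zip({
    "WEB-INF/classes/log4j.properties":
        "log4j.rootLogger=INFO, jms\nlog4j.appender.jms=" + JMS_APPENDER + "\n",
    "WEB-INF/lib/log4j-core-2.14.1.jar": make_zip({"META-INF/MANIFEST.MF": ""}),
    "WEB-INF/lib/log4j-core-2.17.1.jar": make_zip({"META-INF/MANIFEST.MF": ""}),
})
```

The log4j 2 version is read from the JAR file name only, so a renamed or shaded copy of log4j-core will not be flagged by this sketch.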
