[FORGE-416] Please advise where we can change the setting for the log4j to address the vulnerability - Issues

XML

Word

Printable

Details

Type: Problem Case
Status: Closed
Priority: High
Resolution: Fixed
Affects Version/s: sitemapv2-2.0.4
Fix Version/s: None
Component/s: Hippo Utilities
Labels:
- platform
Environment:
All our environments

Description

Please advise where i would find the below files to implement the mitigation .

At a high-level, what you need to know is:

This vulnerability was publicly announced today.
We strongly recommend you take the following steps to ensure the security of your data and website(s):

Mitigation:
In your project pom, please update your log4j version to 2.15.0: <log4j2.version>2.15.0</log4j2.version>

Temporary Mitigation:
Modify every logging pattern layout in your logging config files, replace %m with %m{nolookups}, see details at https://issues.apache.org/jira/browse/LOG4J2-2109

Additional information regarding the vulnerability can be here.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Heinrich Sant

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 12/Dec/21 8:03 AM

Updated:: 14/Dec/21 10:49 AM

Resolved:: 14/Dec/21 10:49 AM