Critical Severity - An update on the Apache Log4j 2.x vulnerabilities #189

Open
AlexAlvesJr opened this issue Jan 14, 2022 · 3 comments

Comments

@AlexAlvesJr

Hello, guys!

Recently, a vulnerability was identified in log4j 2.x. As many companies use this exporter in production environments and this vulnerability has high severity, is it possible that you launch a new review of the application with the needed upgrades?

Link: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

Tks,
Alex

@ouwe-knutselaar

Any reaction on the request?

@AlexAlvesJr
Author

None…

but the solution is simple, you just need to download the new version of log4j and replace the packages of log4j that you find in the application (mqexporter) directory. Then, you build it with Maven.

Let me know if you need some help.
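An added example, not part of the thread or the project's code: before and after replacing the log4j packages as described above, this scan lists every log4j jar under a directory, including copies nested inside fat jars, and flags versions below a minimum supplied by the caller. The upstream file naming (`log4j-core-X.Y.Z.jar`), the directory argument, and the minimum version are assumptions; the thread does not name a target version.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Assumption: jars keep the upstream naming, e.g. log4j-core-2.14.1.jar
JAR_RE = re.compile(r"log4j-(core|api)-(\d+)\.(\d+)\.(\d+)[^/\\]*\.jar$")
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label, minimum, findings, depth=0):
    """Record log4j evidence in one archive, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a real archive; nothing to inspect
    with zf:
        names = zf.namelist()
        match = JAR_RE.search(label)
        has_jndi = JNDI_CLASS in names
        if match or has_jndi:
            version = tuple(map(int, match.groups()[1:])) if match else None
            findings.append({
                "path": label,
                "version": version,  # None when the file name hides it (shaded jar)
                "jndi_lookup": has_jndi,
                "outdated": version is not None and version < minimum,
            })
        if depth < 3:  # bound recursion through fat jars
            for name in names:
                if name.lower().endswith(ARCHIVES):
                    scan_archive(zf.read(name), f"{label}!/{name}",
                                 minimum, findings, depth + 1)


def scan_directory(root, minimum):
    """Return findings for every archive under root; minimum is a caller-chosen
    (major, minor, patch) tuple."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            scan_archive(path.read_bytes(), str(path), minimum, findings)
    return findings


if __name__ == "__main__":  # usage: python scan.py <directory> <X.Y.Z>
    floor = tuple(int(part) for part in sys.argv[2].split("."))
    for finding in scan_directory(sys.argv[1], floor):
        print(finding)
```

A finding with `version` set to `None` and `jndi_lookup` set to `True` is a repackaged copy that replacing files by name will miss.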

@ouwe-knutselaar

Well, it is more that I also found some things in the HTTP handler that can be improved. There is very little control of what is accepted by the HTTP server. And suspicious calls are left unnoticed. This punches a hole in the security of your MQ system.

I raised a question on the issues list, but then I also saw that you had no response for 4 weeks. So I have questions about the activity of this project.


2 participants