[opencms-dev] Security issue in log4j
Jan Michael Greiner
jan0michael at yahoo.com
Sat Dec 11 10:33:51 CET 2021
Hello all,
I just read about the zero day exploit in log4j
https://www.heise.de/news/Kritische-Zero-Day-Luecke-in-log4j-gefaehrdet-zahlreiche-Server-und-Apps-6291653.html
I have no idea, if OpenCms is affected by this.
But to be on the save side, I did
zip -q -d [path-on-my-server]/www/opencms/WEB-INF/lib/log4j-core-2.13.3.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
service tomcat9 restart
To have a look in the .jar file, you can do before and after the above operation
unzip -l [path-on-my-server]/www/opencms/WEB-INF/lib/log4j-core-2.13.3.jar|grep -i jndi
Best regards,
Jan Michael Greiner
More information about the opencms-dev
mailing list