Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-3214

Update security page text for CVE-2021-44228

    XMLWordPrintableJSON

Details

    • Documentation
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.15.0
    • 2.16.0
    • None
    • None

    Description

      I propose to update the text for the mitigation section of CVE-2021-44228 on https://logging.apache.org/log4j/2.x/security.html

      Changes: add Log4j 1.x section, and format the Log4j 2.x section as a bullet point list for improved readability.


      Log4j 1.x mitigation: Audit your logging configuration to ensure it has no JMSAppender configured. Log4j 1.x configurations without JMSAppender are not impacted by this vulnerability. (Note that there is a separate CVE (CVE-2021-4104) for this vulnerability now.)

      Log4j 2.x mitigation: Implement one of the mitigation techniques below.

      The log4j-api JAR file in Log4j2 is not impacted by this vulnerability.

      Attachments

        Activity

          People

            Unassigned Unassigned
            rpopma Remko Popma
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: