Hi all,
On Sat, 22 Apr 2023 at 01:02, Ralph Goers wrote:
>
> Note that he may also have a shaded jar that has Log4j embedded in it. That
> would be impossible for us to know without personally inspecting the
> deployment.
That's something that can be discovered with a shell script like this:
Note that he may also have a shaded jar that has Log4j embedded in it. That
would be impossible for us to know without personally inspecting the deployment.
Ralph
> On Apr 21, 2023, at 12:51 PM, Christian Grobmeier
> wrote:
>
> Hello Guru,
>
> the only way to have this issue is with an outda
Hello Apache Dev Team,
Situation: Both the libraries log4j-1.2.9.jar and log4j-1.2.9-1.0.jar are
getting flagged on the same server.
Question: If possible, I was wondering if you could provide some technical
insight on the difference between both of the libraries.
Moreover, please feel to poin
Hello Guru,
the only way to have this issue is with an outdated version of log4j on your
classpath.
Can you check what classpath is being used in your container? There may be an
additional classpath that we are not aware of.
Could you let us know the full setup of your machine, for example:
- e
This is a lazy vote to release logging-parent 9. This vote is open for
72 hours and will pass unless getting a net negative vote count.
Release notes:
* A default Spotless configuration has been added for Java, POM, XML
and YAML files.
Staging repo:
https://repository.apache.org/content/reposito
Hi Marian,
This CVE was analyzed within the context of the reload4j project. It
was deemed as not a serious or practical threat as its attack surface as
it pertains to log4j 1.x is vanishingly small [1].
The reload4j project is a fork of Apache log4j version 1.2.17 with the
goal of fixing p
No, the details in the CVE should be enough for you to determine that. We
simply looked at the source code and determined what the reporter found was
correct.
Note that Log4j 1.x reached end-of-life in 2015. No one on the Apache Logging
Services project has worked with it for many years.
Ralph
+1
On Tue, Apr 18, 2023 at 11:29 PM Piotr P. Karwasz
wrote:
> Hi all,
>
> As discussed during Sunday's meeting, in the following weeks I would
> like to perform these cleanup jobs on our repos:
>
> 1. On Friday evening: merge
> https://github.com/apache/logging-parent/pull/10 and publish
> `logg
Would it be possible to provide more details of concerned classes which
cause the DDOS or give an example how to reproduce this?
On 2023/03/10 13:37:22 Arnout Engelen wrote:
> Severity: low
>
> Description:
>
> ** UNSUPPORTED WHEN ASSIGNED **
>
> When using the Chainsaw or SocketAppender compone
No, we are not deploying as a war file. And the application /lib currently has
the following log4j files.
-rw-r-. 1 fruser fruser 16431 Aug 25 2022 jcl-over-slf4j-1.7.21.jar
-rw-r-. 1 fruser fruser 4597 Aug 25 2022 jul-to-slf4j-1.7.21.jar
-rw-r-. 1 fruser fruser 41071 Aug 25 2
Are you deploying your application as a war file? If so, can you unzip that war
file and search for log4j there?
--
The Apache Software Foundation
V.P., Data Privacy
On Fri, Apr 21, 2023, at 13:21, Gurumoorthi Vijayalingam wrote:
> No, am not able to find log4j version in tomcat lib folder. The
No, I am not able to find the log4j version in the tomcat lib folder. The problem
occurred when we upgraded the jar files from 2.2 to 2.17
Regards,
Guru.
-Original Message-
From: Christian Grobmeier
Sent: Friday, April 21, 2023 4:36 PM
To: Gurumoorthi Vijayalingam ; dev@logging.apache.org
Subje
Any help on this request? We are stuck.
-Original Message-
From: Gurumoorthi Vijayalingam
Sent: Thursday, April 13, 2023 7:36 AM
To: Christian Grobmeier ; dev@logging.apache.org
Subject: RE: [External] Re: Log4j Issue
Hi Team,
We tried the steps as Christian mentioned in below email, but
Hello Gurumoorthi,
please subscribe to dev@logging.apache.org by sending an empty message to
dev-subscr...@logging.apache.org.
It is hard for our message moderators to manually moderate your messages
through.
You need to find the log4j version of Tomcat. Please search for this. It could
be in
14 matches