Forums

Resolved
0 votes
Considering the log4j java exploit with a 10/10 risk, do I need to worry about that?
https://nvd.nist.gov/vuln/detail/CVE-2021-44228

I'm not sure if this is always an integral part of Apache (or would you need to install that separately). If so, will a patched version be released to the community channel soon?

Sorry, I'm not the greatest expert on this matter. Just want to keep my server clean.
Monday, December 13 2021, 08:55 AM
Share this post:

Accepted Answer

Monday, December 13 2021, 09:37 AM - #Permalink
Resolved
0 votes
log4j is not installed by default and according to RedHat's advisory, RHEL7, so ClearOS 7, is not affected.
The reply is currently minimized Show
Responses (4)
  • Accepted Answer

    Wednesday, December 15 2021, 06:30 PM - #Permalink
    Resolved
    1 votes
    Nick Howitt wrote:

    log4j is not installed by default and according to RedHat's advisory, RHEL7, so ClearOS 7, is not affected.
    Not that I've bumped into, but I have not used all the packages. It does not matter anyway as Redhat say the CVE is not applicable to their (and our) version of log4j.
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, December 15 2021, 06:25 PM - #Permalink
    Resolved
    0 votes
    Are there any packages on the marketplace that would install it when adding them?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, December 13 2021, 07:03 PM - #Permalink
    Resolved
    1 votes
    were my thoughts also. Good to know.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, December 13 2021, 10:47 AM - #Permalink
    Resolved
    1 votes
    That is incredibly reassuring. Thanks a lot Nick!!!
    The reply is currently minimized Show
Your Reply