Significant security vulnerability discovered in Log4j
Steven Smith
steve.t.smith at gmail.com
Wed Dec 15 00:27:49 UTC 2021
Thank you for posting!
Please see https://github.com/macports/macports-ports/pull/13353 <https://github.com/macports/macports-ports/pull/13353>.
> On Dec 14, 2021, at 6:47 PM, Nils Breunese <nils at breun.nl> wrote:
>
> A couple of hours ago https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046> was made public, which states that the previous mitigations of upgrading to Log4J 2.15.0 or setting system/environment properties is longer enough. The recommended solution is upgrading to Log4J 2.16.0. If that is not possible, it is recommended to at least remove the JndiLookup class from the log4j-core JAR (e.g. zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20211214/0319aa6a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3898 bytes
Desc: not available
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20211214/0319aa6a/attachment.bin>
More information about the macports-dev
mailing list