Any ports use log4j 2?
Gerben Wierda
gerben.wierda at rna.nl
Tue Dec 14 14:49:02 UTC 2021
I see in GitHub that the mitigation for apache-solr8 has already been added (together with the 0.8.11 update). Great work!
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
> On 14 Dec 2021, at 15:36, Gerben Wierda via macports-users <macports-users at lists.macports.org> wrote:
>
> It is super scary.
>
> Apache solr8 is vulnerable. There is no 0.8.11 yet. Mitigation required:
>
> • (Linux/MacOS) Edit your solr.in.sh file to include: SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
>
>
> Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
> R&A IT Strategy <https://ea.rna.nl/> (main site)
> Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
> Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>
>> On 11 Dec 2021, at 18:24, Richard L. Hamilton <rlhamil at smart.net <mailto:rlhamil at smart.net>> wrote:
>>
>> CVE-2021-44228 sounds kinda scary!
>>
>> --
>> eMail: mailto:rlhamil at smart.net <mailto:rlhamil at smart.net>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20211214/898d729b/attachment.htm>
More information about the macports-users
mailing list