Log4j CVE-2021-44228

Use this forum to report bugs and to check for bugfixes and new releases of OpenEMM

Moderator: moderator

AndreasT
Posts: 8
Joined: Tue Oct 05, 2021 3:02 pm

Log4j CVE-2021-44228

Post by AndreasT » Mon Dec 13, 2021 11:35 am

Is OpenEMM affected by the Log4j vulnerability the BSI has reported the last days?

maschoff
Site Admin
Posts: 2529
Joined: Thu Aug 03, 2006 10:20 am
Location: Munich, Germany
Contact:

Re: Log4j CVE-2021-44228

Post by maschoff » Mon Dec 13, 2021 12:19 pm

No
OpenEMM Maintainer

nhondong
Posts: 12
Joined: Tue May 04, 2021 3:39 pm

Re: Log4j CVE-2021-44228

Post by nhondong » Fri Dec 17, 2021 7:22 am

Hi,

is there any official Statement with more information to this Bulletin?
openemm uses log4j in the affected Version. (1.2)

Please tell us why openemm is not affected.

Thanks.

Nils

maschoff
Site Admin
Posts: 2529
Joined: Thu Aug 03, 2006 10:20 am
Location: Munich, Germany
Contact:

Re: Log4j CVE-2021-44228

Post by maschoff » Fri Dec 17, 2021 8:54 am

Because OpenEMM does not use the JMSAppender of Log4j1.
OpenEMM Maintainer

Post Reply