You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by Paul Spencer <pa...@mindspring.com> on 2021/12/12 16:54:33 UTC
Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
For users of Karaf 4.3.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228?
Paul Spencer
Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
Posted by Oleg Cohen <ol...@assurebridge.com>.
Thank you!
On Dec 12, 2021, at 10:13 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
log4j2.formatMsgNoLookups=true in etc/system.properties should do the trick.
Regards
JB
Le 12 déc. 2021 à 18:10, Oleg Cohen <ol...@assurebridge.com> a écrit :
Hi JB,
Thank you for the info.
Do you have an example of how this can be dome in system.properties?
Best,
Oleg
On Dec 12, 2021, at 10:08 AM, JB Onofré <jb...@nanthrax.net> wrote:
You can use system.properties to set the msg format on existing version.
Else Karaf 4.3.4 will include fix by default.
Le 12 déc. 2021 à 17:54, Paul Spencer <pa...@mindspring.com> a écrit :
For users of Karaf 4.3.x, what is the recommended mitigation for "Apache
Log4j Remote Code Execution Vulnerability", CVE-2021-44228?
Paul Spencer
Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
log4j2.formatMsgNoLookups=true in etc/system.properties should do the trick.
Regards
JB
> Le 12 déc. 2021 à 18:10, Oleg Cohen <ol...@assurebridge.com> a écrit :
>
> Hi JB,
>
> Thank you for the info.
>
> Do you have an example of how this can be dome in system.properties?
>
> Best,
> Oleg
>
>> On Dec 12, 2021, at 10:08 AM, JB Onofré <jb...@nanthrax.net> wrote:
>>
>> You can use system.properties to set the msg format on existing version.
>>
>> Else Karaf 4.3.4 will include fix by default.
>>
>>> Le 12 déc. 2021 à 17:54, Paul Spencer <pa...@mindspring.com> a écrit :
>>>
>>> For users of Karaf 4.3.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228?
>>>
>>> Paul Spencer
>>>
>>
>
Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
Posted by Oleg Cohen <ol...@assurebridge.com>.
Hi JB,
Thank you for the info.
Do you have an example of how this can be dome in system.properties?
Best,
Oleg
> On Dec 12, 2021, at 10:08 AM, JB Onofré <jb...@nanthrax.net> wrote:
>
> You can use system.properties to set the msg format on existing version.
>
> Else Karaf 4.3.4 will include fix by default.
>
>> Le 12 déc. 2021 à 17:54, Paul Spencer <pa...@mindspring.com> a écrit :
>>
>> For users of Karaf 4.3.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228?
>>
>> Paul Spencer
>>
>
Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
Posted by JB Onofré <jb...@nanthrax.net>.
You can use system.properties to set the msg format on existing version.
Else Karaf 4.3.4 will include fix by default.
> Le 12 déc. 2021 à 17:54, Paul Spencer <pa...@mindspring.com> a écrit :
>
> For users of Karaf 4.3.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228?
>
> Paul Spencer
>