You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@karaf.apache.org by Oleg Cohen <ol...@assurebridge.com> on 2021/12/12 17:18:05 UTC

Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?

Thank  you!

On Dec 12, 2021, at 10:13 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:

log4j2.formatMsgNoLookups=true in etc/system.properties should do the trick.

Regards
JB

Le 12 déc. 2021 à 18:10, Oleg Cohen <ol...@assurebridge.com> a écrit :

Hi JB,

Thank you for the info.

Do you have an example of how this can be dome in system.properties?

Best,
Oleg

On Dec 12, 2021, at 10:08 AM, JB Onofré <jb...@nanthrax.net> wrote:

You can use system.properties to set the msg format on existing version.

Else Karaf 4.3.4 will include fix by default.

Le 12 déc. 2021 à 17:54, Paul Spencer <pa...@mindspring.com> a écrit :

For users of Karaf 4.3.x, what is the recommended mitigation for "Apache
Log4j Remote Code Execution Vulnerability", CVE-2021-44228?

Paul Spencer