You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ignite.apache.org by Randall Woodruff <rw...@niksun.com> on 2021/12/16 15:26:15 UTC

Log4j response

Is the Apache Ignite group aware of any current vulnerabilities presented by log4j within Ignite or planning on issuing any guidance or advice in regards to log4j and Ignite?

Thank you,
Randall

Re: Log4j response

Posted by Stephen Darlington <st...@gridgain.com>.

This is the best public summary I’ve seen so far:

https://www.gridgain.com/resources/blog/what-you-need-know-about-log4j-vulnerabilities-apache-ignite-and-gridgain <https://www.gridgain.com/resources/blog/what-you-need-know-about-log4j-vulnerabilities-apache-ignite-and-gridgain>

In summary, there are immediate mitigations you can apply and there should be new releases shortly that incorporate the fixed version of log4j2.

> On 16 Dec 2021, at 15:26, Randall Woodruff <rw...@niksun.com> wrote:
> 
> Is the Apache Ignite group aware of any current vulnerabilities presented by log4j within Ignite or planning on issuing any guidance or advice in regards to log4j and Ignite? 
> 
> Thank you,
> Randall