You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@karaf.apache.org by Paul Spencer <pa...@mindspring.com> on 2021/12/12 18:18:13 UTC

Karaf 3.0.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?

For users of Karaf 3.0.x that uses Pax Logging version 1.8.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228?

Paul Spencer

Re: Karaf 3.0.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?

Posted by JB Onofré <jb...@nanthrax.net>.

Hi Paul

Only log4j 2.x is only impacted, Karaf 3.0/pax logging 1.8 uses log4j 1.x so no problem. 

Regards 
JB

> Le 12 déc. 2021 à 19:18, Paul Spencer <pa...@mindspring.com> a écrit :
> 
> For users of Karaf 3.0.x that uses Pax Logging version 1.8.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228?
> 
> Paul Spencer
>