Log4J Security Vulnerability & Pyramid

Avi PerezAdmin
"making the sophisticated simple"
AviPerez
updated 1 yr ago
4replies
Avi PerezAdmin1 yr ago

There has been a critical notification of a potentially serious vulnerability in the Apache Log4J Java library used extensively in many Java applications world-wide, including Pyramid.

The versions of the Log4J library that are affected by this critical issue are found in "Log4J2" for versions 2.0 through 2.14.1 (as documented in CVE-2021-44228 and described here and elsewhere on the internet).

Pyramid, however, uses Log4J 1.2.17 which does NOT contain this problem and is therefore not exposed to this vulnerability.

In the next release (2020.22) we will upgrade this component to a new version and correct any issues found in older versions of the Log4J component (which are not considered critical).

DEC-23-2021 :SEE THE UPDATED POSTING PROVIDING UPDATED REMEDIES FOR THE LOG4J VULNERABILITY

security

Like Follow 4

- Kim Jämiä
- Kim_Jamia
- 1 yr ago
- Reported - view
You might want to publish that here as well: https://github.com/NCSC-NL/log4shell/tree/main/software#log4j-overview-related-software

Like
- Avi PerezAdmin
  
  "making the sophisticated simple"
  
  AviPerez
  
  1 yr ago
  
  Reported - view
  Kim Jämiä We have now published to this site.
  
  Like 1
- Vaclav Kadlcek
- Vaclav_Kadlcek
- 1 yr ago
- Reported - view
Pyramid version 2020.20.600 contain this file:
C:\Program Files\Pyramid2018\drivers\hive-jars\log4j-core-2.6.2.jar

Could you please verify the vulnerability for this version?

Thanks.

Like 1
- Avi PerezAdmin
- "making the sophisticated simple"
- AviPerez
- 1 yr ago
- Reported - view
PLEASE SEE THE UPDATED POSTING PROVIDING UPDATED REMEDIES FOR THE LOG4J VULNERABILITY and details on the new 2020.22 RELEASE

Like