Welcome Guest! Log in
×

Notice

The forum is in read only mode.
Stambia versions 2.x, 3.x, S17, S18, S19 and S20 are reaching End of Support January, 15th, 2024. Please consider upgrading to the supported Semarchy xDI versions. See Global Policy Support and the Semarchy Documentation.

The Stambia User Community is moving to Semarchy! All the applicable resources have already been moved or are currently being moved to their new location. Read more…

Topic-icon Question log4j vulnerability

More
13 Dec 2021 15:12 - 13 Dec 2021 15:41 #1 by nverscheure_cc
log4j vulnerability was created by nverscheure_cc
Hi Stambia team,

Log4j flaw discovered the past week

- the report in French : www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-022/
- the report in English : logging.apache.org/log4j/2.x/security.html

Stambia is java powered.
Some components are using log4j.

Is Stambia concerned by the security alert ?
What is the action plan ?
Do you plan to publish patches ? or a notice ?

Best regards
Nicolas
Last edit: 13 Dec 2021 15:41 by nverscheure_cc.
More
13 Dec 2021 18:04 #2 by fuehara
Replied by fuehara on topic log4j vulnerability
Hello!
I have the same doubt...

Thanks.
More
13 Dec 2021 19:03 #3 by Thomas BLETON
Replied by Thomas BLETON on topic log4j vulnerability
Hi,

Please refer to this announcement
More
15 Dec 2021 10:32 #4 by Thomas BLETON
Replied by Thomas BLETON on topic log4j vulnerability
A more detailed note is available here:
stambia.org/212-blogtype-category/genera...ve-2021-44228&bnr=no