Blog Jalios Community

Log4j Vulnerability - Jalios products unaffected

A critical vulnerability has been identified in the log4j2 library

In addition, we are aware of other vulnerabilities affecting log4j version 1.x

However, we invite you 

  • Audit your specific JPlatform developments to find the use of log4j2 and update the vulnerable version
  • To audit your entire information system to find the applications using these vulnerable libraries and to update them

(*) Message of  ceki, author of log4j 1.x library :

(**) Messages on Tomcat user mailing list : Mark Thomas on Sat, 11 Dec 2021 23:39:50 GMT, Mark Thomas on Mon, 13 Dec 2021 09:40:32 GMT


[Edit : 2021-12-12 15:10 - Post updated to include precision on vulnerability CVE-2021-4104]

[Edit : 2021-12-13 9:00 - Added link related to CVE-2021-4104]