log4j 1.2.14 is vulnerable deserialization of untrusted data (CVE-2019-17571) #56

TheBierbrauer · 2022-01-13T15:48:30Z

Log4j needs to be updated (or replaced) to fix this vulnerability

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

keeganwitt · 2022-01-20T18:43:00Z

Log4j 1 was end of life August 5, 2015, so this fix should be

Upgrade to Log4J 2 (could use the bridge for this, but I don't think it'd be a lot of work to just upgrade completely)..
Switch to reload4j.
Switch to Logback or some other logging framework.

Damon-V79 · 2022-04-19T08:35:51Z

Hello, I think this issue can be closed. Log4j in master was updated:

   ...
* |   0d2e54bf    Merge branch 'jira/PROC-1059' into 'master'    Kenta Isozuka
|\ \  
| |/  
|/|   
| * 0765ee72    PROC-1059: Remove slf4j    kisozuka
| * 5c33c660    PROC-1059: Fix Logger to use log4j2    kisozuka
| * 5aa4b3dc    PROC-1059: Upgrade log4j to 2.17.1    kisozuka
|/  
*   044c20d7    Merge branch 'jira/PROC-1015' into 'master'    Taito Ri
   ...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

log4j 1.2.14 is vulnerable deserialization of untrusted data (CVE-2019-17571) #56

log4j 1.2.14 is vulnerable deserialization of untrusted data (CVE-2019-17571) #56

TheBierbrauer commented Jan 13, 2022

keeganwitt commented Jan 20, 2022 •

edited

Loading

Damon-V79 commented Apr 19, 2022

log4j 1.2.14 is vulnerable deserialization of untrusted data (CVE-2019-17571) #56

log4j 1.2.14 is vulnerable deserialization of untrusted data (CVE-2019-17571) #56

Comments

TheBierbrauer commented Jan 13, 2022

keeganwitt commented Jan 20, 2022 • edited Loading

Damon-V79 commented Apr 19, 2022

keeganwitt commented Jan 20, 2022 •

edited

Loading