Infinispan and Log4j CVE-2021-45046 CVE-2021-45105
source link: https://infinispan.org/blog/2021/12/23/infinispan-log4j-cve-releases
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Infinispan and Log4j CVE-2021-45046 CVE-2021-45105
By Ryan Emerson
Dear Infinispan community,
We’ve just released 13.0.5.Final, 12.1.10.Final and 11.0.14.Final to address the latest CVEs that affect log4j-core (CVE-2021-45046, CVE-2021-45105). Additionally, we have released upgraded versions of the Infinispan Operator to match the server versions: 2.2.3.Final for Infinispan 13.0 and 2.1.7.Final for Infinispan 12.1. Please upgrade as soon as you can. Refer to our tracking Jira ISPN-13597 for versions.
What’s affected
We include log4j-core in our server distributions, including the images.
We are fixing the issue by upgrading to Log4J 2.17.0.
Mitigation strategies
If you cannot upgrade, there are a several mitigation strategies you can apply. But upgrading is always the best solution.
Get it, Use it, Ask us!
We’re hard at work on new features, improvements and fixes, so watch this space for more announcements!Please, download and test the latest release.
The source code is hosted on GitHub. If you need to report a bug or request a new feature, look for a similar one on our JIRA issues tracker. If you don’t find any, create a new issue.
If you have questions, are experiencing a bug or want advice on using Infinispan, you can use StackOverflow. We will do our best to answer you as soon as we can.
The Infinispan community uses Zulip for real-time communications. Join us using either a web-browser or a dedicated application on the Infinispan chat.
Recommend
-
9
log4j RCE Exploitation Detection You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228 Grep / Zgrep This command searches for exploitation attempts in...
-
1
Eclipse Vert.x and Log4j 2 CVE-2021-44228A recent CVE-2021-44228 has been disclosed that affects the Log4j 2 library.The Vert.x project can op...
-
11
Blogs Infinispan and Log4j CVE-2021-44228 Infinispan and Log4j CVE-2021-44228 December 13, 2021 Tags:...
-
6
...
-
110
Shiva Vishnubatla December 16, 2021 1 minute read
-
3
Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution Jason Lane, Simon Maple December 17, 2021...
-
12
Log4j 2.16 High Severity Vulnerability (CVE – CVE-2021-45105) Discovered
-
4
December 18 All environments we have identified containing Customer Data running versions of Log4j vulnerable to CVE-2021-44228 have been patched. December 16 Apache Log4j Vulnerabi...
-
0
Log4j 2.16 High Severity Vulnerability (CVE-2021-45105) Discovered
-
9
Log4j “Log4Shell” RCE explained (CVE-2021-44228) Leave a reply Hell...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK