Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

[Steele, Henry]

Are people on earlier versions of ArchivesSpace , e.g. 2.7.1 that use 
archivesspace's internal solr vulnerable?

From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
<archivesspace_users_group-boun...@lyralists.lyrasis.org> On Behalf Of Peter 
Heiner
Sent: Saturday, December 11, 2021 9:00 AM
To: Archivesspace Users Group <archivesspace_users_group@lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

While ArchivesSpace itself might not be vulnerable, those who run an extrrnal 
Solr instance should be aware that it itself may be, see 
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
 for more information and some possible workarounds.

p
________________________________
From: 
archivesspace_users_group-boun...@lyralists.lyrasis.org<mailto:archivesspace_users_group-boun...@lyralists.lyrasis.org>
 
<archivesspace_users_group-boun...@lyralists.lyrasis.org<mailto:archivesspace_users_group-boun...@lyralists.lyrasis.org>>
 on behalf of Tom Hanstra <hans...@nd.edu<mailto:hans...@nd.edu>>
Sent: 11 December 2021 13:21
To: Archivesspace Users Group 
<archivesspace_users_group@lyralists.lyrasis.org<mailto:archivesspace_users_group@lyralists.lyrasis.org>>
Subject: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

There is a lot of buzz right now about the log4j exploit being used against 
Java applications. Does anyone know if ArchivesSpace is vulnerable to these 
exploits?

Tom
--
Tom Hanstra
Sr. Systems Administrator
hans...@nd.edu<mailto:hans...@nd.edu>

[https://docs.google.com/uc?export=download&id=1GFX1KaaMTtQ2Kg2u8bMXt1YwBp96bvf0&revid=0B7APN9POn6xAQ244WWFYMFU3aVJwZ0lxbmVHK3FxNXlCd0RRPQ]

_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group