While ArchivesSpace itself might not be vulnerable, those who run an extrrnal
Solr instance should be aware that it itself may be, see
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
for more information and some possible workarounds.
p
Right, it is bad. I'm digging around at everything this morning looking for
places that might be vulnerable.
There are a couple of gems in the gems directory which use older versions
of log4j (ladle-0.2.0-java, mizuno-0.6.11). No idea where those come into
play with the overall software.
Tom
On
There is a lot of buzz right now about the log4j exploit being used against
Java applications. Does anyone know if ArchivesSpace is vulnerable to these
exploits?
Tom
--
*Tom Hanstra*
*Sr. Systems Administrator*
hans...@nd.edu
___