Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
Thank you! On Dec 12, 2021, at 10:13 AM, Jean-Baptiste Onofre wrote: log4j2.formatMsgNoLookups=true in etc/system.properties should do the trick. Regards JB Le 12 déc. 2021 à 18:10, Oleg Cohen a écrit : Hi JB, Thank you for the info. Do you have an example of how this can be dome in system.properties? Best, Oleg On Dec 12, 2021, at 10:08 AM, JB Onofré wrote: You can use system.properties to set the msg format on existing version. Else Karaf 4.3.4 will include fix by default. Le 12 déc. 2021 à 17:54, Paul Spencer a écrit : For users of Karaf 4.3.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228? Paul Spencer
Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
log4j2.formatMsgNoLookups=true in etc/system.properties should do the trick. Regards JB > Le 12 déc. 2021 à 18:10, Oleg Cohen a écrit : > > Hi JB, > > Thank you for the info. > > Do you have an example of how this can be dome in system.properties? > > Best, > Oleg > >> On Dec 12, 2021, at 10:08 AM, JB Onofré wrote: >> >> You can use system.properties to set the msg format on existing version. >> >> Else Karaf 4.3.4 will include fix by default. >> >>> Le 12 déc. 2021 à 17:54, Paul Spencer a écrit : >>> >>> For users of Karaf 4.3.x, what is the recommended mitigation for "Apache >>> Log4j Remote Code Execution Vulnerability", CVE-2021-44228? >>> >>> Paul Spencer >>> >> >
Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
Hi JB, Thank you for the info. Do you have an example of how this can be dome in system.properties? Best, Oleg > On Dec 12, 2021, at 10:08 AM, JB Onofré wrote: > > You can use system.properties to set the msg format on existing version. > > Else Karaf 4.3.4 will include fix by default. > >> Le 12 déc. 2021 à 17:54, Paul Spencer a écrit : >> >> For users of Karaf 4.3.x, what is the recommended mitigation for "Apache >> Log4j Remote Code Execution Vulnerability", CVE-2021-44228? >> >> Paul Spencer >> >
Re: Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
You can use system.properties to set the msg format on existing version. Else Karaf 4.3.4 will include fix by default. > Le 12 déc. 2021 à 17:54, Paul Spencer a écrit : > > For users of Karaf 4.3.x, what is the recommended mitigation for "Apache > Log4j Remote Code Execution Vulnerability", CVE-2021-44228? > > Paul Spencer >
Karaf 4.3.x "Apache Log4j Remote Code Execution Vulnerability" mitigation?
For users of Karaf 4.3.x, what is the recommended mitigation for "Apache Log4j Remote Code Execution Vulnerability", CVE-2021-44228? Paul Spencer
