Hello,
OFBiz is affected by this.
This week-end we publish a corrective version 18.12.03 [1], and the
trunk has been also corrected(many thanks to Jacques !)
If you want to fix your OFBiz version, update your log4j dependencies to
version 2.15.0.
You can check the Jacques's commit
64a0b6e8d04b936
Hi all,
I’m sure all of you are aware of what’s going with the Log4j security
vulnerability, If not then :
- https://www.wired.com/story/log4j-flaw-hacking-internet/
-
https://logging-apache-org.translate.goog/log4j/2.x/security.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=en-US
So some of us are wonde