> From: Juri Berlanda
> Sent: 13 December 2021 15:03
> Subject: [External] Re: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs
> compile time Java version
> Hi,
> we were affected - we use an AccessLogValve, which logs to Log4j2 and we
> use Log4j as java.util.logging LogManager. We already
HI Mark,
Thank you. That clarifies something I was not quite getting.
Surely setting a system property “log4j2.formatMsgNoLookups” does not require a
particular JRE version?
And no, it doesn’t.
Yes – we’d need to upgrade log4j2 and/or add that parameter. Whilst the JRE
version might deliver