Serge, A official statement should be coming out soon, but I think it is safe to say the ACS is not impacted, for sure with the default log4j configuration. The version we use is not impacted. A colleague PMC member did an exploit attempt and showed it failing. If you are unsure [1] describes what we feel is applicable to Cloudstack as well..
[1] http://slf4j.org/log4shell.html On Mon, Dec 13, 2021 at 9:55 AM Bs Serge <sergeb...@gmail.com> wrote: > Hi all, > > I’m sure all of you are aware of what’s going with the Log4j security > vulnerability, If not then : > > - https://www.wired.com/story/log4j-flaw-hacking-internet/ > - > > https://logging-apache-org.translate.goog/log4j/2.x/security.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=en-US > > So some of us are wondering : > > Does it affect some versions of the management server installation? and > What can one do to make sure that they are safe from this vulnerability? > > Best Regards, > -- Daan