See email https://lists.apache.org/thread/nc3gz7yvokc9ktkzs8078jr5t04nfmdy
and it includes ways to workaround it. up-to-date java Java 8u121 // Java 11.0.1 (stops any code injection) Set system property "-Dlog4j2.formatMsgNoLookups=true" (stops interpretation of malicious log messages) https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Andy On 13/12/2021 12:39, Piotr Nowara wrote:
Hi. I see the most recent Fuseki code on GitHub is using log4j 2.15. Do you know which older version might be affected? Thanks, Piotr
