On Mon, Dec 13, 2021 at 2:37 PM Derek Atkins <de...@ihtfp.com> wrote:
> > On Mon, December 13, 2021 8:04 am, Gianluca Cecchi wrote: > >> > > If I understood correctly reading here: > > > https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell > > > > you are protected by the RCE if java is 1.8 and greater than 1.8.121 > > (released on 2017) > > Do you mean 1.8.0.121? For example, my system has: > > java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64 > > -derek > > Yes, what the link refers to as 8u121: https://www.oracle.com/java/technologies/javase/8u121-relnotes.html Your version: 8u252 (or anyway based on it). On my 4.4.8 engine I have java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_4.x86_64 but I have also java-11-openjdk-headless-11.0.12.0.7-0.el8_4.x86_64 that is what ovirt-engine uses, based on: [root@ovmgr1 ovirt-engine]# ll /proc/$(pidof ovirt-engine)/fd | grep jvm lr-x------. 1 ovirt ovirt 64 Sep 24 09:02 3 -> /usr/lib/jvm/java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64/lib/modules [root@ovmgr1 ovirt-engine]# Gianluca
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HMHHRWIIEPX2HPQKUBL6UO2YJPT4ANFE/