You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Mitigation
Log4j 1.x mitigation: Log4j 1.x is not impacted by this vulnerability.
Log4j 2.x mitigation: Implement one of the mitigation techniques below.
Java 8 (or later) users should upgrade to release 2.16.0.
Users requiring Java 7 should upgrade to release 2.12.2 when it becomes available (work in progress, expected to be available soon).
Otherwise, remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.
We will upgrade our codebase to 2.16.0. For upstream projects (e.g. elasticsearch), we will remove JndiLookup class from our docker images.
The text was updated successfully, but these errors were encountered:
Address CVE-2021-45046
See https://logging.apache.org/log4j/2.x/security.html for details.
As Mitigation options provided by log4j:
We will upgrade our codebase to 2.16.0. For upstream projects (e.g. elasticsearch), we will remove
JndiLookup class
from our docker images.The text was updated successfully, but these errors were encountered: