https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Has anyone attempted to mitigate this CVE yet? There seems to be two possible approaches to mitigation: 1 The sledgehammer approach of removing the JndiLookup.class from the jar files: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class 2. Rebuild CAS and set "log4jVersion=2.15.0" -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/885973b3982643508efbf27a99855460%40mun.ca.
