Jdk 1.8 192 or newer or jdk11 11.0.2 or newer are not affected it seems, as JNDI lookups are disabled there by default.
https://www.veracode.com/blog/security-news/urgent-analysis-and-remediation-guidance-log4j-zero-day-rce-cve-2021-44228 Sent while mobile. > Am 11.12.2021 um 13:44 schrieb Anders Collstrup <[email protected]>: > > > My fix was the following: > > CAS 6.1 running on debian 10. All except CAS installed from standard repo's > > created this file: > /usr/share/tomcat9/bin/setenv.sh > > containing:: > JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=True" > > After restart of tomcat I could see the following in the log: > 10-Dec-2021 18:49:18.681 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line argument: > -Dlog4j2.formatMsgNoLookups=True > >> On Fri, Dec 10, 2021 at 7:37 PM Manuel Cones <[email protected]> wrote: >> Hello, due the recent discovered log4j2 vulnerability, whats the way to >> mitigate it? >> >> >> should i add log4j2.formatMsgNoLookups=true to the cas.properties file? >> >> Thanks in Advance, >> Manuel. >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ae1c7b48-1c3e-4c3c-b762-f5a8e5794df9n%40apereo.org. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BMOL%2B%3DpjJ2JgE%2BOL7X4RibLSjWe8KQAKt13Q1npJj_g21VoCA%40mail.gmail.com. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/D71FB144-5859-4D97-97B8-F363CBBE8256%40gmail.com.
