It would be great to also update the Docker containers, it is a critical vulnerability IMO. Thanks!
On Fri, Dec 10, 2021 at 5:41 PM Tim Allison <[email protected]> wrote: > All, > As you've probably heard, a dire rce was recently announced in > log4j2. I suspect it would be fairly easy to develop a PoC to show > that we're vulnerable. It isn't as straightforward as webapps that > are logging direct user input, but I don't think it would take much. > Should we push for a 2.x release in the next few days? > > Best, > > Tim > -- Cristian Zamfir Co-founder/VP of Reliability and Security - Cyberhaven https://cyberhaven.com https://www.linkedin.com/in/cristizamfir/ Mobile: +41 (798) 241-698 / +1 (617) 651-1306
