Hi everyone
We've just been alerted to another CVE not mentioned in Tim's post:
https://access.redhat.com/security/cve/CVE-2021-4104
This one seems to affect log4j v1.2- and certainly in our
dspace/config/log4j.properties (v 6.4) I see ample reference to "appender"
(see below). I'm wondering if action is necessary for this one.
Cheers again
Scott
# The name of the file appender
log4j.appender.A3=org.dspace.app.util.DailyFileAppender
# The filename of the log file created. A date stamp is appended to this
log4j.appender.A3.File=${log.dir}/cocoon.log
# Set this to yyyy-MM-DD for daily log files, or yyyy-MM for monthly files
log4j.appender.A3.DatePattern=yyyy-MM-dd
# The number of log files to keep, or 0 to keep them all
log4j.appender.A3.MaxLogs=14
# A2 uses PatternLayout.
log4j.appender.A3.layout=org.apache.log4j.PatternLayout
log4j.appender.A3.layout.ConversionPattern=%d %-5p %c %x - %m%n
--
All messages to this mailing list should adhere to the Code of Conduct:
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
---
You received this message because you are subscribed to the Google Groups
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/dspace-tech/528310ba-fc2d-4bc1-949b-b271bfd59145n%40googlegroups.com.
