Hi folks, I realise that was premature- I assume the fact that we're using DailyFileAppender means we are not vulnerable to JMSAppender vulnerabilities!
Cheers Scott On Friday, December 17, 2021 at 10:57:00 AM UTC [email protected] wrote: > Hi everyone > > We've just been alerted to another CVE not mentioned in Tim's post: > https://access.redhat.com/security/cve/CVE-2021-4104 > > This one seems to affect log4j v1.2- and certainly in our > dspace/config/log4j.properties (v 6.4) I see ample reference to "appender" > (see below). I'm wondering if action is necessary for this one. > > Cheers again > Scott > # The name of the file appender > log4j.appender.A3=org.dspace.app.util.DailyFileAppender > # The filename of the log file created. A date stamp is appended to this > log4j.appender.A3.File=${log.dir}/cocoon.log > # Set this to yyyy-MM-DD for daily log files, or yyyy-MM for monthly files > log4j.appender.A3.DatePattern=yyyy-MM-dd > # The number of log files to keep, or 0 to keep them all > log4j.appender.A3.MaxLogs=14 > # A2 uses PatternLayout. > log4j.appender.A3.layout=org.apache.log4j.PatternLayout > log4j.appender.A3.layout.ConversionPattern=%d %-5p %c %x - %m%n > > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/af121add-b5e8-4df0-bd93-e019d2e2d042n%40googlegroups.com.
