Hi Devs, In our national IT security group (and national news) there is an item about an issue with log4j2, pointing to:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228 or https://logging.apache.org/log4j/2.x/security.html As I deployed some Geoservers at some servers here and there :-) I'm wondering IF Geoserver (as being a public faced java application) is vulnarable or not... Anybody can confirm Geoserver (or Tomcat) use log4j(2?) <=2.14.1? Or actually should Geoserver users do the mitigation actions written in the apache security link? OR totally is not affected... Any hints appreciated, Regards, Richard Duivenvoorde _______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
