Hi all, I found this thread on twitter, might contain some information in this regard: https://twitter.com/geowolf/status/1469347543087779848
HTH Best Marc Am 12. Dezember 2021 10:14:28 MEZ schrieb Richard Duivenvoorde <rdmaili...@duif.net>: >Hi Devs, > >In our national IT security group (and national news) there is an item about >an issue with log4j2, pointing to: > >http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228 >or >https://logging.apache.org/log4j/2.x/security.html > >As I deployed some Geoservers at some servers here and there :-) I'm wondering >IF Geoserver (as being a public faced java application) is vulnarable or not... > >Anybody can confirm Geoserver (or Tomcat) use log4j(2?) <=2.14.1? Or actually >should Geoserver users do the mitigation actions written in the apache >security link? >OR totally is not affected... > >Any hints appreciated, > >Regards, > >Richard Duivenvoorde > > >_______________________________________________ >Geoserver-devel mailing list >Geoserver-devel@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/geoserver-devel >
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
