You have 2 recent CVEs for Log4j 2.x to be aware of - CVE-2021-44228 and CVE-2021-45046. Both of these are currently resolved by simple upgrading to Log4j2 2.16.0
Log4j 1.x was EOL in August 2015 and now has an ever growing post-EOL CVE list, it's use in production is not recommended anymore. As Simone pointed out, Jetty has never had a dependency on log4j, any version. If you are using log4j, then you added it to your own copy of Jetty. Upgrading log4j, or deciding to switch to a different logging implementation (logback, java.util.logging, etc) will have zero impact on Jetty itself. Joakim Erdfelt / joa...@webtide.com On Thu, Dec 16, 2021 at 12:57 AM Kumar, Amit (Noida) via jetty-dev < jetty-...@eclipse.org> wrote: > > > Hi Team, > > > > We are using Below jar provided by you. We want to ensure and know if it > is impacted by “Apache Log4j Tool : Zero Day in Ubiquitous Under Active > Attack (CVE-2021-44228)”. If it’s impacted please let us know about the > security recommendation. To know we are looking for following answer > > > > Jars: > > jetty-4.2.19 4.2.19 > > jetty-continuation-7.5.4.v20111024 7.5.4 > > jetty-http-7.5.4.v20111024 7.5.4 > > jetty-security-7.5.4.v20111024 7.5.4 > > jetty-util-7.5.4.v20111024 7.5.4 > > jetty-io-7.5.4.v20111024 7.5.4 > > jetty-server-7.5.4.v20111024 7.5.4 > > > > > > Are you using log4J? > > If you are using log4j 1.x version, are you using JMSAppender class > > if you are using log4j 2.x are , what is your security recommendation to > fix the issue > > > > > > Thanks and regards, > > > > *Amit Kumar* > > *Tech Lead, Software Development Engineering* > > Financial & Risk Management Solutions > > Mobile: +91-9990094588 > > Upcoming R&R: > > *Fiserv * > > *Helping Small Businesses Get** Back2Business > <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_RZ22cy4q6bM8_TzJLUFZkYWdITm81S3lmUEFuVlpwT3hCT1FtWFlmMDVVV1g1cTQ2ZnJXRS9FNFR2UkFGVVU0SzBIRHVBUHMwYTdOM2ROV2w3NDZRTEg2aGFaT2NhdGxNMFo2ZjJLclp3N3h1SXgzQys2dU09S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=SsuMM9K4X6-LD5gm7ULhlcCpWEqlIdXt0prnYpS6dss&m=EX9k1mYsarorAHo0fqkLhRLzA8ohktftTCpgsUd_vr0&s=R-6lvnOhG5fnONNKZPmlgec0f7YBuuiH45dZ4t9Y3X4&e=>* > Fiserv > <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_X677F3dKx8Tx_TzJLUFZkYWdITm81S3lmUEFuVlpwT3hCT1FtWFlmMDVVV1g1cTQ2ZnJXRS9FNFR2UkFGVVU0SzBIRHVBUHMwYTdOM2ROV2w3NDZRTEg2aGFaT2NhdGxNMFo2ZjJLclp3N3h1SXgzQys2dU09S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=SsuMM9K4X6-LD5gm7ULhlcCpWEqlIdXt0prnYpS6dss&m=EX9k1mYsarorAHo0fqkLhRLzA8ohktftTCpgsUd_vr0&s=NGFO_LDQrhMwepNez_lhHhtYeLweF4IK5nDNtCpnCic&e=> > | Join Our Team > <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_j9LLfXwgErFR_TzJLUFZkYWdITm81S3lmUEFuVlpwT3hCT1FtWFlmMDVVV1g1cTQ2ZnJXRS9FNFR2UkFGVVU0SzBIRHVBUHMwYTdOM2ROV2w3NDZRTEg2aGFaT2NhdGxNMFo2ZjJLclp3N3h1SXgzQys2dU09S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=SsuMM9K4X6-LD5gm7ULhlcCpWEqlIdXt0prnYpS6dss&m=EX9k1mYsarorAHo0fqkLhRLzA8ohktftTCpgsUd_vr0&s=AovzNmRVWUIYoZzsyaRayRoSza5FiHf_XI4QYRFpUKQ&e=> > | Twitter > <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_bxXXB-2DpG2wfb_TzJLUFZkYWdITm81S3lmUEFuVlpwT3hCT1FtWFlmMDVVV1g1cTQ2ZnJXRS9FNFR2UkFGVVU0SzBIRHVBUHMwYTdOM2ROV2w3NDZRTEg2aGFaT2NhdGxNMFo2ZjJLclp3N3h1SXgzQys2dU09S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=SsuMM9K4X6-LD5gm7ULhlcCpWEqlIdXt0prnYpS6dss&m=EX9k1mYsarorAHo0fqkLhRLzA8ohktftTCpgsUd_vr0&s=C131Xh7_qy_-NgY7CtUnhDREDFghFEQXaGsNPSbLZQw&e=> > | LinkedIn > <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_z9-5F-5FfAx8R-7EBm_TzJLUFZkYWdITm81S3lmUEFuVlpwT3hCT1FtWFlmMDVVV1g1cTQ2ZnJXRS9FNFR2UkFGVVU0SzBIRHVBUHMwYTdOM2ROV2w3NDZRTEg2aGFaT2NhdGxNMFo2ZjJLclp3N3h1SXgzQys2dU09S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=SsuMM9K4X6-LD5gm7ULhlcCpWEqlIdXt0prnYpS6dss&m=EX9k1mYsarorAHo0fqkLhRLzA8ohktftTCpgsUd_vr0&s=nur3UqZMYo9u9wV8r9dN7NTf7ruHik2RoHJBApj4rBQ&e=> > | Facebook > <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_ebwwFvy-7EgkQ7_TzJLUFZkYWdITm81S3lmUEFuVlpwT3hCT1FtWFlmMDVVV1g1cTQ2ZnJXRS9FNFR2UkFGVVU0SzBIRHVBUHMwYTdOM2ROV2w3NDZRTEg2aGFaT2NhdGxNMFo2ZjJLclp3N3h1SXgzQys2dU09S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=SsuMM9K4X6-LD5gm7ULhlcCpWEqlIdXt0prnYpS6dss&m=EX9k1mYsarorAHo0fqkLhRLzA8ohktftTCpgsUd_vr0&s=hd3ZCW13ah-YOC_rC0AZIjDWrL_h6jiYvxFA2dPfi_c&e=> > FORTUNE *World's Most Admired Companies®* > 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021 > > © 2021 Fiserv Inc. or its affiliates. Fiserv is a registered trademark of > Fiserv Inc. Privacy Notice > <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_w-5F33sEW2jps3_TzJLUFZkYWdITm81S3lmUEFuVlpwT3hCT1FtWFlmMDVVV1g1cTQ2ZnJXRS9FNFR2UkFGVVU0SzBIRHVBUHMwYTdOM2ROV2w3NDZRTEg2aGFaT2NhdGxNMFo2ZjJLclp3N3h1SXgzQys2dU09S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=SsuMM9K4X6-LD5gm7ULhlcCpWEqlIdXt0prnYpS6dss&m=EX9k1mYsarorAHo0fqkLhRLzA8ohktftTCpgsUd_vr0&s=aSztimCBadAn9CoDhVg4wBWZM1vKatItDvP9Kz3EvC4&e=> > © 2021 Fortune Media IP Limited. Used under license. > > > _______________________________________________ > jetty-dev mailing list > jetty-...@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-dev >
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
