You might have better luck on the spymemcached mailing list [email protected] ( https://groups.google.com/forum/#!forum/spymemcached)
The vulnerability appears to only impact log4j 2.x, not 1.2.x. Regards, John On Wed, Oct 17, 2018 at 6:00 PM Deepthi Komatineni <[email protected]> wrote: > > We in our project use spymemcached.2.11.1.jar which uses Log4J 1.2.16 > <https://mvnrepository.com/artifact/log4j/log4j/1.2.16> > > There is a security vulnerability observed in Apache Log4j 2.x before > 2.8.2, when using the TCP socket server or UDP socket server to receive > serialized log events from another application, a specially crafted binary > payload can be sent that, when deserialised, can execute arbitrary code. > > How do I apply the Log4J security patch ( > https://www.cvedetails.com/cve/CVE-2017-5645/) on memcached jars? Would > memcached do it or should i update the pom.xml in memcached jar myself? > > Regards, > Deepthi > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "memcached" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
