Hello,
OFBiz is affected by this.
This weekend we publish a corrective version 18.12.03 [1], and the
trunk has also been corrected (many thanks to Jacques!).

If you want to fix your OFBiz version, update your log4j dependencies to
version 2.15.0.

You can check Jacques's commit
64a0b6e8d04b936f472b418cc8847c03b462d3a0 for more details.

Nicolas

[1] https://dlcdn.apache.org/ofbiz/apache-ofbiz-18.12.03.zip
[2] https://github.com/apache/ofbiz-framework/commit/64a0b6e8d04b936f472b418cc8847c03b462d3a0

On 13/12/2021 09:50, Bs Serge wrote:
> Hi all,
>
> I’m sure all of you are aware of what’s going on with the Log4j security
> vulnerability. If not, then:
>
> - https://www.wired.com/story/log4j-flaw-hacking-internet/
> - https://logging-apache-org.translate.goog/log4j/2.x/security.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=en-US
>
> So some of us are wondering:
>
> Does this affect at least some versions of OFBiz? And what can one do to
> make sure that they are safe from this vulnerability?
>
> Best Regards,
>
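
One way to check an installation against the 2.15.0 threshold named in the reply above; this is an added example, not part of the thread and not OFBiz project code. The function name, the `lib` directory and the jar names in the demo are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 15, 0)  # version named in the message above

# Log4j 2 artifacts are named log4j-<artifact>-<version>[-qualifier].jar
JAR_RE = re.compile(
    r"^log4j-([a-z][a-z0-9]*(?:-[a-z][a-z0-9]*)*)-"
    r"(\d+(?:\.\d+)*)(-[A-Za-z0-9.]+)?\.jar$"
)

def outdated_log4j_jars(root):
    """Return sorted (relative path, version) for Log4j 2 jars below FIXED."""
    found = []
    for jar in Path(root).rglob("log4j-*.jar"):
        m = JAR_RE.match(jar.name)
        if not m:
            continue  # e.g. Log4j 1.x "log4j-1.2.17.jar", a different code base
        nums = tuple(int(p) for p in m.group(2).split("."))
        nums = (nums + (0, 0, 0))[:3]          # "2.0" -> (2, 0, 0)
        release = 0 if m.group(3) else 1       # "-beta9", "-rc1" sort below the release
        if (nums, release) < (FIXED, 1):
            version = m.group(2) + (m.group(3) or "")
            found.append((jar.relative_to(root).as_posix(), version))
    return sorted(found)

def demo():
    """Run the check over a constructed directory of empty, jar-named files."""
    names = [
        "log4j-core-2.13.3.jar",     # below 2.15.0
        "log4j-api-2.15.0.jar",      # already at the fixed version
        "log4j-core-2.0-beta9.jar",  # pre-release, below 2.15.0
        "log4j-1.2.17.jar",          # Log4j 1.x, skipped by JAR_RE
        "commons-io-2.6.jar",        # unrelated dependency
    ]
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "lib")
        lib.mkdir()
        for name in names:
            (lib / name).touch()
        return outdated_log4j_jars(tmp)

if __name__ == "__main__":
    for path, version in demo():
        print(f"{path}: {version} is below {'.'.join(map(str, FIXED))}")
```

The check goes by file name only, so Log4j classes repackaged inside another jar are not detected.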
