[Info-vax] Issues now found in log4j version 1
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Feb 8 08:57:26 EST 2022
On 2022-02-07, Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 2/7/2022 1:23 PM, Simon Clubley wrote:
>> Issues have now been found in version 1 of log4j. This is the older
>> version that was previously not considered to be vulnerable.
>>
>> Details in:
>>
>> https://access.redhat.com/errata/RHSA-2022:0442
>
> The older version that reached project EOL in 2015.
>
> Redhat has released a fix anyway.
>
When you consider that Redhat routinely backport security fixes to
older versions of software, that's probably not as unusual as it seems.
>
> There are plenty of other logging frameworks out there.
>
> Java: jul, logback etc.
> .NET: log4net, NLog etc.
> PHP: log4php, Monolog etc.
> Etc.
>
In addition to those, there are also the public facing loggers that
exist within an operating system itself.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list