[Info-vax] Issues now found in log4j version 1

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Feb 8 08:57:26 EST 2022


On 2022-02-07, Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 2/7/2022 1:23 PM, Simon Clubley wrote:
>> Issues have now been found in version 1 of log4j. This is the older
>> version that was previously not considered to be vulnerable.
>> 
>> Details in:
>> 
>> https://access.redhat.com/errata/RHSA-2022:0442
>
> The older version that reached project EOL in 2015.
>
> Redhat has released a fix anyway.
>

When you consider that Redhat routinely backport security fixes to
older versions of software, that's probably not as unusual as it seems.

>
> There are plenty of other logging frameworks out there.
>
> Java: jul, logback etc.
> .NET: log4net, NLog etc.
> PHP: log4php, Monolog etc.
> Etc.
>

In addition to those, there are also the public facing loggers that
exist within an operating system itself.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.



More information about the Info-vax mailing list