[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
George Cornelius
cornelius at eisner.decus.org
Thu Jan 6 17:21:46 EST 2022
David Turner <dturner at islandco.com> wrote:
> It's better than nothing
If it gives you some peace of mind you can try it in the short term.
BTW, some email environments do allow blocking by country of origin,
e.g., Cisco Email Security Appliances. It's something we have chosen
not to use.
But when waiting for a patch to arrive sometimes you grasp at straws.
My home Linux box has Libre Office, and some report writer functionality
had a dependency on log4j and it did not seem to be possible to remove
log4j without using some kind of --force-remove option, although I
suppose I could have just hidden the executable for that portion of
Libre Office.
I see I have the log4j patch in now as part of a routine patch
application, but I don't believe it was there to begin with so I was
exposed for a few days.
George
> I think a lot of US hosting companies also have blocked suspicious
> Russian traffic and will not allow non-US companies to be hosted.
>
> It has certainly helped us.
>
More information about the Info-vax
mailing list