Update: Workaround from Oracle to bypass Log4j vulnerability not reliable
15. Dec 2021


According to the latest update from Oracle, the previously communicated workaround to bypass the Log4j vulnerability is NOT working properly. Oracle is still working under high pressure to find a solution to this problem. We are in constant exchange with Oracle and will report any developments in our news.

Statement from Oracle:

"A new CVE-2021-45046 was released, affecting org.apache.logging.log4j:log4j-core package, versions prior to 2.16.0.
The new CVE identified:

  • The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations
  • The previous workaround, involving the addition of "-Dlog4j2.formatMsgNoLookups=true" JVM parameter, does NOT mitigate this specific vulnerability."
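
A way to check an installation against the two points in the statement above, as an added example that is not from Oracle or proadvise: it flags log4j-core jars prior to 2.16.0 and JVM command lines that still carry the workaround parameter. It assumes the version can be read from the jar file name (shaded or repackaged jars are not covered); the function names and sample paths are hypothetical.

```python
import re

# Threshold and parameter are taken from the Oracle statement quoted above.
FIXED_VERSION = (2, 16, 0)
WORKAROUND_FLAG = "-Dlog4j2.formatMsgNoLookups=true"
# Assumption: the jar keeps the usual log4j-core-<version>.jar file name.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/\\]*\.jar$")


def jar_version(path):
    """Return (major, minor, patch) parsed from a log4j-core jar name, or None."""
    match = JAR_RE.search(path)
    if not match:
        return None
    return tuple(int(group or 0) for group in match.groups())


def audit(jar_paths, jvm_cmdlines):
    """Return (finding, item) pairs for affected jars and JVMs using the workaround."""
    findings = []
    for path in jar_paths:
        version = jar_version(path)
        if version is not None and version < FIXED_VERSION:
            findings.append(("jar-prior-to-2.16.0", path))
    for cmd in jvm_cmdlines:
        # The parameter does not mitigate CVE-2021-45046, so its presence
        # marks a JVM that still needs a real fix.
        if WORKAROUND_FLAG in cmd:
            findings.append(("relies-on-formatMsgNoLookups", cmd))
    return findings


# Constructed sample input (not taken from any real system).
SAMPLE_JARS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.15.0.jar",
    "/opt/app/lib/log4j-core-2.16.0.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
]
SAMPLE_CMDLINES = [
    "java -Dlog4j2.formatMsgNoLookups=true -jar /opt/app/server.jar",
    "java -Xmx2g -jar /opt/other/service.jar",
]

if __name__ == "__main__":
    for finding, item in audit(SAMPLE_JARS, SAMPLE_CMDLINES):
        print(f"{finding}: {item}")
```

On a real host the jar list would come from a file system search and the command lines from the process list.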

Note: For an overview of possible affected vendors, click here:

proadvise GmbH
Brühlweg 4
73663 Berglen
