log4j vulnerability fix

Time:12-12

I heard Log4j core is vulnerable according to https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot

So I need a fix to get rid of vulnerabilities from my services!

I am trying to bump up log4j from older versions to 2.15.0

CodePudding user response:

Please find the solution

Upgrade Apache log4j to version 2.15.0 (release date: Friday, December 10, 2021) if you are using Apache log4j and the version is lower than 2.15.0.

Also check the JVM version; if it is lower than the following, you may be impacted.

  1. Java 6 – 6u212
  2. Java 7 – 7u202
  3. Java 8 – 8u192
  4. Java 11 – 11.0.2

CodePudding user response:

I found the dirty fix itself in the article!

Read this carefully: https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot

Just add the following code block to your build.gradle and it will upgrade your log4j libs to 2.15.0:

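// Force every dependency in the log4j 2 group to resolve to 2.15.0,
// including ones pulled in transitively.
configurations.all {
    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
        if (details.requested.group == 'org.apache.logging.log4j') {
            details.useVersion '2.15.0'
        }
    }
}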
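
To confirm that the override above took effect, the resolved versions can be read from the text report printed by `gradle dependencies`. The Python script below is an added example, not part of the original answers; the two reports are constructed samples and the function names are hypothetical.

```python
import re

MIN_FIXED = (2, 15, 0)  # the version this page upgrades to

# Matches log4j 2 coordinates in the dependency report, for example
#   org.apache.logging.log4j:log4j-core:2.14.1 -> 2.15.0 (*)
COORD = re.compile(
    r"org\.apache\.logging\.log4j:(?P<artifact>[\w.-]+)"
    r"(?::(?P<requested>[^\s:]+))?"
    r"(?:\s+->\s+(?P<resolved>\S+))?"
)

def parse_version(text):
    """Return (major, minor, patch) for '2.15.0'; None if not numeric."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def resolved_versions(report):
    """Map artifact name -> set of versions Gradle actually resolved."""
    found = {}
    for line in report.splitlines():
        m = COORD.search(line)
        if m:
            # 'a -> b' means b was selected; otherwise the requested one is.
            version = m.group("resolved") or m.group("requested") or "unknown"
            found.setdefault(m.group("artifact"), set()).add(version)
    return found

def below_fixed(report):
    """List (artifact, version) pairs below 2.15.0 or not parsable."""
    flagged = []
    for artifact, versions in resolved_versions(report).items():
        for v in versions:
            parsed = parse_version(v)
            if parsed is None or parsed < MIN_FIXED:
                flagged.append((artifact, v))
    return sorted(flagged)

# Constructed sample reports: before and after adding the resolutionStrategy.
SAMPLE_BEFORE = r"""
+--- org.springframework.boot:spring-boot-starter-log4j2 -> 2.5.6
|    +--- org.apache.logging.log4j:log4j-slf4j-impl:2.14.1
|    |    +--- org.apache.logging.log4j:log4j-api:2.14.1
|    |    \--- org.apache.logging.log4j:log4j-core:2.14.1
|    \--- org.apache.logging.log4j:log4j-core:2.14.1 (*)
"""
SAMPLE_AFTER = r"""
+--- org.apache.logging.log4j:log4j-slf4j-impl:2.14.1 -> 2.15.0
|    +--- org.apache.logging.log4j:log4j-api:2.15.0
|    \--- org.apache.logging.log4j:log4j-core:2.15.0
\--- org.apache.logging.log4j:log4j-core:2.14.1 -> 2.15.0 (*)
"""
```

An empty list from `below_fixed` means every artifact in the `org.apache.logging.log4j` group in that report resolved to 2.15.0 or later; versions that cannot be parsed are flagged for manual review.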