Uploaded image for project: 'Pegasus'
  1. Pegasus
  2. PM-1836

Update Pegasus Log4J support to 2.17

XMLWordPrintable

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major Major
    • master, 5.1.0, 5.0.2
    • Affects Version/s: master, 5.0.1
    • Component/s: logging
    • None

      If you are not already aware of this, on Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that may result in Remote Code Execution (RCE) by processing a certain string.

      System Owners:
      Apache has since then released a patch:
      https://logging.apache.org/log4j/2.x/security.html Or Disable JNDI
      If you are system owners with hosted tools that are impacted, please go ahead and perform the patches/remediation step. CIS is currently working on scanning the network and will start working with system owners to remediate the vulnerabilities. We thank you in advance for working with us.

      Details at:
      https://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/

            Assignee:
            vahi Karan Vahi
            Reporter:
            vahi Karan Vahi
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: