Juniper R2 2021 - Log4j vulnerability verification and correction

Description

The 'formatMsgNoLookups' property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 that proposed it. Therefore the 'formatMsgNoLookups=true' mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.16.0, because it then becomes the default behavior.
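An added example, not part of the original ticket or the project's code: a Python script that inventories log4j-core jars by file name, sorts them into the three version ranges the description gives, and notes whether logback is present. The function names, directory layout and sample jar names are constructed for illustration, and the classification uses only the two thresholds stated above.

```python
import re
import tempfile
from pathlib import Path

# Thresholds taken from the issue description above.
PROPERTY_ADDED = (2, 10, 0)        # formatMsgNoLookups introduced (LOG4J2-2109)
PROPERTY_UNNECESSARY = (2, 16, 0)  # behaviour is the default from here on

# Matches e.g. log4j-core-2.14.1.jar and log4j-core-2.0-beta9.jar
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?.*\.jar$")


def classify(version):
    """Place a (major, minor, patch) tuple in one of the description's ranges."""
    if version < PROPERTY_ADDED:
        return "property-unavailable"
    if version < PROPERTY_UNNECESSARY:
        return "property-applicable"
    return "property-unnecessary"


def inventory(root):
    """Scan a tree by jar file name only; shaded or repackaged jars are missed."""
    root = Path(root)
    report = {"log4j_core": {}, "logback_present": False}
    for jar in sorted(root.rglob("*.jar")):
        if jar.name.startswith("logback-classic-"):
            report["logback_present"] = True
        match = JAR_RE.match(jar.name)
        if match:
            version = tuple(int(part or 0) for part in match.groups())
            report["log4j_core"][jar.relative_to(root).as_posix()] = classify(version)
    return report


def demo():
    """Run the scan over a constructed tree of empty, jar-named files."""
    names = ["a/lib/log4j-core-2.9.1.jar", "a/lib/log4j-core-2.14.1.jar",
             "b/lib/log4j-core-2.16.0.jar", "b/lib/log4j-core-2.0-beta9.jar",
             "c/lib/logback-classic-1.2.3.jar", "c/lib/log4j-api-2.14.1.jar"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        return inventory(tmp)


if __name__ == "__main__":
    print(demo())
```

Jars reported as `property-unavailable` or `property-applicable` are the ones to review; the log4j-api jar in the sample is deliberately not reported, since the ranges in the description concern the implementation.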


Activity


Owen Stephens December 15, 2021 at 11:37 AM

We use logback, which implements the log4j API but isn't the log4j implementation.
For additional info if needed: http://slf4j.org/log4shell.html, https://grails.org/blog/2021-12-14-log4j2-cve.html
Logback does NOT offer a lookup mechanism at the message level. Thus, it is deemed safe with respect to CVE-2021-44228.

Won't Do

Details

Assignee

Reporter

Priority

Development Team

Bienenvolk

Release

R2 2021 Hot Fix #5

Created December 15, 2021 at 11:16 AM
Updated January 25, 2022 at 1:33 AM
Resolved December 15, 2021 at 11:37 AM