Kiwi R3 2021 - Log4j vulnerability verification and correction

Description

The 'formatMsgNoLookups' property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 that proposed it. Therefore the 'formatMsgNoLookups=true' mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.15.0, because it then becomes the default behavior .

Other comments:

mod-ldp doesn't use log4j

Environment

None

Potential Workaround

None

Checklist

hide

TestRail: Results

Activity

Show:

Charlotte Whitt December 14, 2021 at 6:56 PM

Duplicate with https://folio-org.atlassian.net/browse/MODLDP-23#icft=MODLDP-23

Duplicate

Details

Assignee

Kurt Nordstrom

Reporter

Charlotte Whitt

Labels

back-end

Priority

Development Team

Thor

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created December 14, 2021 at 4:50 PM

Updated December 14, 2021 at 6:56 PM

Resolved December 14, 2021 at 6:56 PM

Configure

TestRail: Cases

TestRail: Runs

mod-ldp

Kiwi R3 2021 - Log4j vulnerability verification and correction

Description

Environment

Potential Workaround

Checklist

TestRail: Results

Activity

Charlotte Whitt December 14, 2021 at 6:56 PM

Details

Assignee

Reporter

Labels

Priority

Development Team

TestRail: Cases

TestRail: Runs

Flag notifications

Something's gone wrong