[GMU-12] Iris R1 2021 - Log4j vulnerability verification and correction Created: 16/Dec/21 Updated: 10/Jan/22 Resolved: 21/Dec/21 |
|
| Status: | Closed |
| Project: | generate-marc-utils |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P1 |
| Reporter: | Oleksii Petrenko | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | back-end | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | |||||||||
| Story Points: | 1 | ||||||||
| Development Team: | Firebird | ||||||||
| Description |
|
The 'formatMsgNoLookups' property was added in version 2.10.0, per the JIRA Issue LOG4J2-2109 that proposed it. Therefore the 'formatMsgNoLookups=true' mitigation strategy is available in version 2.10.0 and higher, but is no longer necessary with version 2.16.0, because it then becomes the default behavior . |