Latest Magda production v1.1.0 is not vulnerable to CVE-2021-45046 #3289
t83714
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The latest Magda production v1.1.0 is not vulnerable.
According to log4j Security Vulnerabilities page:
A system is vulnerable to CVE-2021-45105, “When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId})”
We didn’t use the non-default Pattern Layout in our configuration.
Elasticsearch also updated their advisory board:
and indicated “Elasticsearch has no known vulnerabilities to CVE-2021-45105”.
Beta Was this translation helpful? Give feedback.
All reactions