Hello Forum,
do we have a security problem using the FAF Client?
I have found three log4*.jar files in my FAF installation folder while scanning the whole pc.
log4j-api-2.14.1.jar
log4j-core-2.14.1.jar
log4j-to-slf4j-2.14.1.jar
Further Informations log4j:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
@Uveso
I sincerely hope you are right. This security issue deletes our chrismas holidays include Weekend.
Where do i set the formatMsgNoLookups Parameter? Is there for example a XML configuration File in the FAF Client Folder?
Hi Sheika, thanks for your fast reply.
I cannot evaluate the complex security circumstances in this special case.
Is it still possible to use the Log4j version > = 2.16 with the next patch ?
Hello Forum,
do we have a security problem using the FAF Client?
I have found three log4*.jar files in my FAF installation folder while scanning the whole pc.
log4j-api-2.14.1.jar
log4j-core-2.14.1.jar
log4j-to-slf4j-2.14.1.jar
Further Informations log4j:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046