Menu
▾
▴
Re: [Exist-open] log4j2 vulnerability
|
From: Omar S. <Oma...@oe...> - 2021-12-15 16:04:55
|
Hi,
I successfully replaced the jars in a exist 4.3.1 version which we use
several times. It worked so far without problems.
Am 15.12.2021 um 16:30 schrieb Josef Wetzel UL via Exist-open:
> Many Thanks to Adam (and others involved) for providing 5.3.1 so quickly!
>
> I use eXist-db 4.7.1 still in an active project. I think, I have the
> following alternatives:
>
> - Replace %m with %m{nolookups} in log4j2.xml (which I have done in
> all my installations) and which as of now seems not to be sufficient
> - Replace the actual jars of log4j2 with the jars of log4j2 version
> 2.16, can I simply replace these jars in an eXist-db-install (e.g.
> eXist-db-4.7.1)?
> - Wait for an updated version of eXist-db-4.7.1 (I could maybe myself
> update the source tree in github, if someone could instruct me briefly
> :-)).
>
> I need eXist-4.7.1 for at least a while, since my project takes
> advantage of Joern Turners (et.al.) betterForm package.
>
> Thanks
>
> Josef Wetzel
>
Best regards
--
Mag. Ing. Omar Siam
Austrian Center for Digital Humanities and Cultural Heritage
Österreichische Akademie der Wissenschaften | Austrian Academy of Sciences
Stellvertretende Behindertenvertrauensperson | Deputy representative for disabled persons
Wohllebengasse 12-14, 1040 Wien, Österreich | Vienna, Austria
T: +43 1 51581-7295
oma...@oe... | www.oeaw.ac.at/acdh
|
