Menu
▾
▴
Re: [Exist-open] log4j2 vulnerability
|
From: Peter S. <st...@we...> - 2021-12-15 16:18:15
|
Just for the record/convenience, I do a `find` first to take care of the different paths:
find ${EXIST_HOME} -name log4j-core-*.jar -exec zip -q -d {} org/apache/logging/log4j/core/lookup/JndiLookup.class \;
Best
Peter
> Am 15.12.2021 um 15:54 schrieb Clark, Ash <as....@no...>:
>
> Hi Pietro,
>
> You may need to be in EXIST_HOME/lib to run the command for removing the JNDI class. Sorry for the omission!
>
> ~Ash
> From: Pietro Liuzzo <pie...@gm...>
> Sent: Wednesday, December 15, 2021 2:16 AM
> To: Clark, Ash <as....@no...>
> Cc: Mathias Göbel <go...@su...>; exist-open <exi...@li...>
> Subject: Re: [Exist-open] log4j2 vulnerability
>
> Thanks!
>
> I have tried to do this as well but I am told that there is nothing to do.
> perhaps the location of that class depends on the system?
>
> all best
> Pietro
>
> Pietro Maria Liuzzo (egli/lui,he/him,er/ihn)
> cel (DE): +49 (0) 176 61 000 606
> Skype: pietro.liuzzo (Quingentole)
> ORCID: https://orcid.org/0000-0001-5714-4011
> Academia: https://uni-hamburg.academia.edu/PietroMariaLiuzzo
>
>
>
>
>
>
>> Il giorno 14 dic 2021, alle ore 22:27, Clark, Ash <as....@no...> ha scritto:
>>
>> zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
>
> _______________________________________________
> Exist-open mailing list
> Exi...@li...
> https://lists.sourceforge.net/lists/listinfo/exist-open
|
