Menu
▾
▴
[Unity-idm-discuss] Log4j vulnerability
|
From: Krzysztof B. <kb...@un...> - 2021-12-13 12:08:24
|
Dear Subscribers, As you may noticed Unity is using the vulnerable log4j library (see CVE <https://nvd.nist.gov/vuln/detail/CVE-2021-44228> for details). Version 3.7.1 (soon to be published) will contain a fixed dependency. Until it is available (and in cases you can't upgrade stright away) the following workaround is strongly advised. In the file |conf/startup.properties| add the following line towards the end of the file: |OPTS=$OPTS" -Dlog4j2.formatMsgNoLookups=true"| Server restart is required after this change. Best regards, Krzysztof |
