Closed sopgreg closed 2 years ago
Indeed, the problems with Log4J affect Holodeck B2B too. In the new release we will upgrade to the latest version. For now, the fastest way to fix this issue is to upgrade the Log4J jars in Holodeck-B2B/lib to the latest version manually.
Fixed in versions 5.3.1
It seems like HB2B is affected by
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
log4j2 needs to be upgraded to >= 2.15.0 or a workaround must be applied to
startServer.bat/startServer.sh
to set the propertylog4j2.formatMsgNoLookups
(in case no log lookups are required)regards