Closed kalylian closed 3 months ago
JMSAppender is configured via log4j.properties... https://knowledge.broadcom.com/external/article/231043/cve20214104-log4j-1x-vulnerability-remed.html
JMSAppender is not configured/present in this repository:
~/repos/metalnx-web $ grep -rI "log4j.appender.jms" .
~/repos/metalnx-web $
Metalnx is not affected.
Hi,
I have a short question regarding Log4J and Log4Shell. Metalnx seems to be using Log4J 1.2, which is vulnerable for Log4Shell when configured to use JMSAppender:
https://nvd.nist.gov/vuln/detail/CVE-2021-4104
I found #296 , which states the Log4J version but doesn't specify whether JMSAppender is activated.
Can you please confirm whether or not Metalnx is affected?
Kind regards,
Kaly