Vladislav Chkhartishvili Posted December 20, 2021 Share Posted December 20, 2021 Is there any solution for log4j vulnerability in jasper 6? It uses log4j v1.2.17 so there's no LOG4J_FORMAT_MSG_NO_LOOKUPS variableI wonder if jasper/tomcat will work correctly without log4j.jar? jasperserver.log is still created but tomcat reports:org.apache.catalina.startup.ClassLoaderFactory validateFileWARNING: Problem with JAR file [/usr/share/java/tomcat/log4j.jar], exists: [false], canRead: [false] Link to comment Share on other sites More sharing options...
djohnson53 Posted December 20, 2021 Share Posted December 20, 2021 This Wiki, https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products , Details which versions of what are affedted. Link to comment Share on other sites More sharing options...
Vladislav Chkhartishvili Posted December 21, 2021 Author Share Posted December 21, 2021 Log4j v1.2.x is still affected according to our vulnerability scanner, so the question is not about which versions are affected but about how to update log4j v1.2.x jar to v2.x or is it possible to use jasper without it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now