IceWarp log4j / log4shell

Sledovat

opticom.it

• 12.12. 2021 12:58

CVE-2021-44228

Can anyone tell if IceWarp is also affected by the log4j zero-day exploit?

I saw in another forum entry that this is present there, at least log-wise:

https://support.icewarp.com/hc/en-us/articles/360018920898-How-to-troubleshoot-WebDocuments-when-they-do-not-want-to-start

change /etc/onlyoffice/documentserver/log4js/production.json from "WARN" to "DEBUG" mode

 

0

• 

  Mike | Head of Customer Success

  • 5.01. 2022 12:12

  Hello

  I want to confirm that IceWarp is not affected by the log4j vulnerability in any way.

  Please find our official statement here.

  0

  Akce s komentáři Permanentní odkaz
• 

  Tony Savage

  • 20.09. 2022 04:56

  Unfortunately, if you are using one of the products affected by the log4j zero-day exploit, most of the security fixes fall in the hands of companies and products that use Log4j. At the moment, their security teams need to identify devices that run Log4j and update them to Log4j-2.16 or a later version.

  0

  Akce s komentáři Permanentní odkaz

Přihlaste se, abyste mohli napsat komentář.