
Java Log4j vulnerability

Posted: Dec 15th, '21, 23:30
by brm
Hi all. Should we be worried about the java log4j vulnerability? Any suggestions for Mageia users about this?

I came across this script and include it for others. Use at your own risk. It will search your system for log4j files.
https://raw.githubusercontent.com/rubo77/log4j . . . (snip)

Disclaimer.
Mid Level Linux user here.
I am not a developer.

Feel free to move this post to a better forum if necessary.

Re: Java Log4j vulnerability

Posted: Dec 15th, '21, 23:32
by sturmvogel
For such stuff it is always recommended to follow our bugtracker. The latest secured log4j version 2.16 is already in our testing repo and QA process.
https://bugs.mageia.org/show_bug.cgi?id=29766

Re: Java Log4j vulnerability

Posted: Dec 15th, '21, 23:40
by brm
I look forward to this fix coming through our updates.
Thanks

Re: Java Log4j vulnerability

Posted: Dec 15th, '21, 23:45
by doktor5000
brm wrote: Hi all. Should we be worried about the java log4j vulnerability? Any suggestions for Mageia users about this?

Nothing specific for Mageia, as this basically affects nearly everyone in some kind of way, even when it's not directly on your own Mageia install.
BTW your link seems to be incomplete, probably this one: https://github.com/rubo77/log4j_checker_beta

If you're not a developer, to understand the issue at hand and some context information and also some hints on how to avoid or fix this, have a look at e.g. https://www.youtube.com/watch?v=7qoPDq41xhQ

Re: Java Log4j vulnerability

Posted: Dec 22nd, '21, 12:47
by papoteur
The 2.17 release of log4j is now available as an update.