Objevena nová zranitelnost systémů využívající Log4j
Zde je podrobný seznam ohrožených Apache projektů:
| Project | Status |
| Apache Archiva | Affected, release 2.2.6 will address this |
| Apache Calcite Avatica | Affected, update to 1.20.0 |
| Apache Camel | Not affected |
| Apache CloudStack | Not Affected |
| Apache Druid | Affected, update to 0.22.1 |
| Apache EventMesh | Affected |
| Apache Flink | Affected |
| Apache Fortress | Affected, update to 2.0.7 |
| Apache Geode | Affected, update to 1.12.6, 1.13.5, 1.14.1 |
| Apache Guacamole | Not Affected |
| Apache Hadoop | Not affected, uses log4j 1.x |
| Apache Hive | Affected |
| Apache HTTP Server (httpd) | Not affected |
| Apache Iceberg | Not Affected |
| Apache Jena | Affected, update to 4.3.1 |
| Apache JMeter | Affected |
| Apache JSPWiki | Affected |
| Apache Log4J 1.2 | Not Affected, see CVE-2021-4104. Note Log4j 1.x is EOL since 2015. |
| Apache Log4J 2.x | Affected, update to 2.16.0 |
| Apache Log4Net | Not affected |
| Apache Maven | Not affected, Maven 3.1+ uses lsf4j simple-logger |
| Apache OFBiz | Affected, update to 18.12.03 |
| Apache Ozone | Affected, update to 1.2.1 |
| Apache SkyWalking | Affected, update to 8.9.1 |
| Apache Solr | Affected, update to 8.11.1 |
| Apache Spark | Not affected, uses log4j 1.x |
| Apache Struts | Affected |
| Apache Tomcat | Not Affected |
| Apache TrafficControl | Affected |
| Apache ZooKeeper | Not affected, uses log4j 1.x |
Zdroj informací: