Objevena nová zranitelnost systémů využívající Log4j
Zde je podrobný seznam ohrožených Apache projektů:
Project | Status |
Apache Archiva | Affected, release 2.2.6 will address this |
Apache Calcite Avatica | Affected, update to 1.20.0 |
Apache Camel | Not affected |
Apache CloudStack | Not Affected |
Apache Druid | Affected, update to 0.22.1 |
Apache EventMesh | Affected |
Apache Flink | Affected |
Apache Fortress | Affected, update to 2.0.7 |
Apache Geode | Affected, update to 1.12.6, 1.13.5, 1.14.1 |
Apache Guacamole | Not Affected |
Apache Hadoop | Not affected, uses log4j 1.x |
Apache Hive | Affected |
Apache HTTP Server (httpd) | Not affected |
Apache Iceberg | Not Affected |
Apache Jena | Affected, update to 4.3.1 |
Apache JMeter | Affected |
Apache JSPWiki | Affected |
Apache Log4J 1.2 | Not Affected, see CVE-2021-4104. Note Log4j 1.x is EOL since 2015. |
Apache Log4J 2.x | Affected, update to 2.16.0 |
Apache Log4Net | Not affected |
Apache Maven | Not affected, Maven 3.1+ uses lsf4j simple-logger |
Apache OFBiz | Affected, update to 18.12.03 |
Apache Ozone | Affected, update to 1.2.1 |
Apache SkyWalking | Affected, update to 8.9.1 |
Apache Solr | Affected, update to 8.11.1 |
Apache Spark | Not affected, uses log4j 1.x |
Apache Struts | Affected |
Apache Tomcat | Not Affected |
Apache TrafficControl | Affected |
Apache ZooKeeper | Not affected, uses log4j 1.x |
Zdroj informací: