Author Topic: Impact of log4j zero day on Zentyal components  (Read 1021 times)

zendavidr

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Impact of log4j zero day on Zentyal components
« on: December 16, 2021, 11:54:39 am »
I'm sure many are aware of this issue first reported last week (https://thecyphere.com/blog/log4j-vulnerability/) and wonder if anyone has determined vulnerability of components in Zentyal versions and any patches needed.  I'm on Commercial 6.2

turalyon

  • Zen Warrior
  • ***
  • Posts: 197
  • Karma: +15/-0
    • View Profile
Re: Impact of log4j zero day on Zentyal components
« Reply #1 on: December 17, 2021, 11:46:18 am »
Hi,

Zentyal uses Perl not Java, so, all the components that Zentyal has developed are not affected to the log4j vulnerability.

Aparently, if the package 'apache-log4j2' wasn't installed by any dependency, it is nothing to worry about.

* https://ubuntu.com/security/notices/USN-5192-1

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".