Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: zendavidr on December 16, 2021, 11:54:39 am

Title: Impact of log4j zero day on Zentyal components
Post by: zendavidr on December 16, 2021, 11:54:39 am
I'm sure many are aware of this issue first reported last week (https://thecyphere.com/blog/log4j-vulnerability/) and wonder if anyone has determined vulnerability of components in Zentyal versions and any patches needed.  I'm on Commercial 6.2
Title: Re: Impact of log4j zero day on Zentyal components
Post by: turalyon on December 17, 2021, 11:46:18 am
Hi,

Zentyal uses Perl not Java, so, all the components that Zentyal has developed are not affected to the log4j vulnerability.

Aparently, if the package 'apache-log4j2' wasn't installed by any dependency, it is nothing to worry about.

* https://ubuntu.com/security/notices/USN-5192-1

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".