gpt4 book ai didi

log4j - 如何为 Artifactory 替换/更新 log4j?

转载 作者:行者123 更新时间:2023-12-01 23:08:44 30 4
gpt4 key购买 nike

JFrog有更换/升级log4j模块的说明吗?

最佳答案

这是 JFrog 的正式回答。免责声明,我在 JFrog 工作

On 10 December 2021, a RCE (remote code execution) exploit was exposed on several versions of the Apache Log4j 2 utility.

Affected code exists in log4j core libraries: log4j-core-*.jar, versions 2.0 to 2.14.1.

Following internal research and validation by the JFrog Security and R&D teams, we can confirm that JFrog services are not affected by this vulnerability (CVE-2021-44228). First, we have validated that JFrog services are not configured to implement the log4j-core package. Additionally, we can confirm that the JDK version used in JFrog services (e.g. Artifactory) contain default protection against remote class loading via JNDI objects. Therefore, no action is required by JFrog customers regarding this issue for JFrog solutions.

JFrog Security and Xray product teams have updated the Xray database with CVE information regarding this vulnerability, and this information will be available for Xray customers to assist in detection and remediation across customer portfolios.

JFrog has examined and validated that none of the following products reference the vulnerable libraries:

Artifactory 6.x and 7.x, and the accompanying Access service

  • Xray
  • Distribution
  • Mission Control
  • Insights

来源:GENERAL: JFrog Services Are Not Affected by Vulnerability CVE-2021-44228

关于log4j - 如何为 Artifactory 替换/更新 log4j?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70309665/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com