Before the Christmas holidays, all Czech and foreign media reported on the vulnerability of the most popular java logging framework log4j, which is part of not only Apache products. To avoid possible problems, please, upgrade at least to version 2.15.0-rc2.
If you use any applications accessible from the Internet, that use the log4j for logging, please pay it attention. A warning under CVE-2021-44228 was published on December 10, 2021 told about the vulnerability of this logging framework, which have caused so far a lot of damage in hundreds of Czech and foreign systems within a few days due to its simplicity.
How to prevent or eliminate this vulnerability, you can read here:
https://blog.checkpoint.com/security/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1/
Continuously updated software list:
https://github.com/cisagov/log4j-affected-db/tree/develop
Happy, successful and safe new year 2022!
Coolhousing team
