[Vtigercrm-developers] log4j security vulnerability for report modules
Rubén A. Estrada Orozco
rulotec1 at gmail.com
Fri Dec 17 14:25:15 GMT 2021
still, I guess it's better to get rid of those jar files mentioned by
Angelo.
Saludos
Rubén
On Thu, Dec 16, 2021 at 8:45 AM Prasad <prasad at vtiger.com> wrote:
> Log4J vulnerability is more confined to the Java platform.
> Its port on other languages are safe.
>
> Regards,
> Prasad
>
> On Thu, Dec 16, 2021 at 3:22 AM Sukhdev Mohan <s.mohan at myti.it> wrote:
>
>> Is there any official modules or extension that uses log4j? Pho porting
>> of the same should not be vulnerable as far as I know.
>>
>> Il mer 15 dic 2021, 22:46 Angelo Paglialonga <info at angelopaglialonga.com>
>> ha scritto:
>>
>>> Hi @All if you have reports or charts using highcharts in any of your
>>> vtiger custom modules, beware of log4j jar package inside of it.
>>> It threatens the security of your server! I’ve deleted the jar files
>>> from my clients systems, I suggest you to do the same.
>>>
>>> https://gizmodo.com/log4j-just-how-screwed-are-we-1848199547
>>>
>>>
>>> _______________
>>>
>>> Angelo Paglialonga
>>> Consulente per soluzioni CRM ad alto ROI.
>>>
>>> Telefono: 3386077866
>>> Skype: angelo.paglialonga
>>> Web: https://www.angelopaglialonga.com
>>>
>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20211217/fe9741b1/attachment.html>
More information about the vtigercrm-developers
mailing list