[Vtigercrm-developers] log4j security vulnerability for report modules
Rubén A. Estrada Orozco
rulotec1 at gmail.com
Fri Dec 17 14:25:15 GMT 2021
still, I guess it's better to get rid of those jar files mentioned by
On Thu, Dec 16, 2021 at 8:45 AM Prasad <prasad at vtiger.com> wrote:
> Log4J vulnerability is more confined to the Java platform.
> Its port on other languages are safe.
> On Thu, Dec 16, 2021 at 3:22 AM Sukhdev Mohan <s.mohan at myti.it> wrote:
>> Is there any official modules or extension that uses log4j? Pho porting
>> of the same should not be vulnerable as far as I know.
>> Il mer 15 dic 2021, 22:46 Angelo Paglialonga <info at angelopaglialonga.com>
>> ha scritto:
>>> Hi @All if you have reports or charts using highcharts in any of your
>>> vtiger custom modules, beware of log4j jar package inside of it.
>>> It threatens the security of your server! I’ve deleted the jar files
>>> from my clients systems, I suggest you to do the same.
>>> Angelo Paglialonga
>>> Consulente per soluzioni CRM ad alto ROI.
>>> Telefono: 3386077866
>>> Skype: angelo.paglialonga
>>> Web: https://www.angelopaglialonga.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vtigercrm-developers