[Vtigercrm-developers] log4j security vulnerability for report modules
Prasad
prasad at vtiger.com
Sun Dec 19 05:08:52 GMT 2021
Which Jar file are you referring to in the CRM source?
On Fri, Dec 17, 2021 at 7:59 PM Rubén A. Estrada Orozco <rulotec1 at gmail.com>
wrote:
> still, I guess it's better to get rid of those jar files mentioned by
> Angelo.
>
> Saludos
>
> Rubén
>
>
> On Thu, Dec 16, 2021 at 8:45 AM Prasad <prasad at vtiger.com> wrote:
>
>> Log4J vulnerability is more confined to the Java platform.
>> Its port on other languages are safe.
>>
>> Regards,
>> Prasad
>>
>> On Thu, Dec 16, 2021 at 3:22 AM Sukhdev Mohan <s.mohan at myti.it> wrote:
>>
>>> Is there any official modules or extension that uses log4j? Pho porting
>>> of the same should not be vulnerable as far as I know.
>>>
>>> Il mer 15 dic 2021, 22:46 Angelo Paglialonga <info at angelopaglialonga.com>
>>> ha scritto:
>>>
>>>> Hi @All if you have reports or charts using highcharts in any of your
>>>> vtiger custom modules, beware of log4j jar package inside of it.
>>>> It threatens the security of your server! I’ve deleted the jar files
>>>> from my clients systems, I suggest you to do the same.
>>>>
>>>> https://gizmodo.com/log4j-just-how-screwed-are-we-1848199547
>>>>
>>>>
>>>> _______________
>>>>
>>>> Angelo Paglialonga
>>>> Consulente per soluzioni CRM ad alto ROI.
>>>>
>>>> Telefono: 3386077866
>>>> Skype: angelo.paglialonga
>>>> Web: https://www.angelopaglialonga.com
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20211219/35ca03b9/attachment.html>
More information about the vtigercrm-developers
mailing list