[Vtigercrm-developers] log4j security vulnerability for report modules

Angelo Paglialonga info at angelopaglialonga.com
Sun Dec 19 15:06:19 GMT 2021


Hi Prasad and Ruben,
The files are not in the vtiger CRM source; they are found in some custom modules and BI tools. I suggest using this bash command:
 sudo find / -iname "*log4j*.jar"

to look for them in the whole server and take action.
Have a nice day
_______________

Angelo Paglialonga
Consultant for high-ROI CRM solutions.

Phone: 3386077866
Skype: angelo.paglialonga
Web: https://www.angelopaglialonga.com



> On 19 Dec 2021, at 06:08, Prasad <prasad at vtiger.com> wrote:
> 
> Which Jar file are you referring to in the CRM source?
> 
> On Fri, Dec 17, 2021 at 7:59 PM Rubén A. Estrada Orozco <rulotec1 at gmail.com> wrote:
> Still, I guess it's better to get rid of those jar files mentioned by Angelo.
> 
> Regards
> 
> Rubén
> 
> 
> On Thu, Dec 16, 2021 at 8:45 AM Prasad <prasad at vtiger.com> wrote:
> Log4J vulnerability is more confined to the Java platform. 
> Its ports to other languages are safe.
> 
> Regards,
> Prasad
> 
> On Thu, Dec 16, 2021 at 3:22 AM Sukhdev Mohan <s.mohan at myti.it> wrote:
> Are there any official modules or extensions that use log4j? A PHP port of the same should not be vulnerable as far as I know.
> 
> On Wed, 15 Dec 2021, 22:46, Angelo Paglialonga <info at angelopaglialonga.com> wrote:
> Hi @All, if you have reports or charts using highcharts in any of your vtiger custom modules, beware of the log4j jar package inside of it.
> It threatens the security of your server! I've deleted the jar files from my clients' systems; I suggest you do the same.
> 
> https://gizmodo.com/log4j-just-how-screwed-are-we-1848199547
> 
> 
> _______________
> 
> Angelo Paglialonga
> Consultant for high-ROI CRM solutions.
> 
> Phone: 3386077866
> Skype: angelo.paglialonga
> Web: https://www.angelopaglialonga.com
> 
> 
> 
> _______________________________________________
> http://www.vtiger.com/
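
The `find` command in the reply above matches on file name only, so a copy of log4j bundled inside a differently named archive is not listed. As an added example that is not part of the thread, this script also searches archive contents for the log4j-core 2.x `JndiLookup` class; the function name, the labels `LOG4J2_CORE` and `NAME_MATCH`, and the script file name are chosen for this example.

```sh
#!/bin/sh
# Added example (not from the thread): find Java archives that carry log4j,
# including bundles whose file name does not contain "log4j".

# Entry name of the JNDI lookup class shipped in log4j-core 2.x. ZIP archives
# store entry names uncompressed, so a byte search works without unpacking.
JNDI_CLASS='org/apache/logging/log4j/core/lookup/JndiLookup.class'

# scan_log4j ROOT
# Prints one "<LABEL><TAB><path>" line per finding:
#   LOG4J2_CORE  archive contains the log4j-core 2.x JndiLookup class
#   NAME_MATCH   file name contains "log4j" but the class is absent
#                (for example log4j 1.x or log4j-api)
scan_log4j() {
    find "$1" -type f \
        \( -iname '*.jar' -o -iname '*.war' -o -iname '*.ear' \) \
        -exec sh -c '
            pattern=$1; shift
            for f in "$@"; do
                if LC_ALL=C grep -qF -- "$pattern" "$f" 2>/dev/null; then
                    printf "LOG4J2_CORE\t%s\n" "$f"
                else
                    case ${f##*/} in
                        *[Ll][Oo][Gg]4[Jj]*) printf "NAME_MATCH\t%s\n" "$f" ;;
                    esac
                fi
            done
        ' sh "$JNDI_CLASS" {} + 2>/dev/null
}

# Limits: a nested jar that was compressed inside a .war/.ear hides its entry
# names, and LOG4J2_CORE says which archives to version-check, not that a
# given archive is vulnerable: patched log4j-core releases ship the class too.

# Run as a script: sh scan_log4j.sh /var/www   (file name is an assumption)
if [ "$#" -gt 0 ]; then
    scan_log4j "$1"
fi
```

Run it as root to cover directories the web server user cannot read, and check the version of every `LOG4J2_CORE` hit before deciding whether to upgrade or remove it.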



