You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What are the plans to update PWM to support a fixed version of Log4J?
Can we take measures ourselves, and install a newer version of Log4J.jar over the old version without breaking things?
The text was updated successfully, but these errors were encountered:
You might have heard about the Log4J zero-day vulnerability, https://access.redhat.com/security/cve/CVE-2021-44228.
PWM ships with Log4J version 1.2.17 which is unsupported but also contains this vulnerability, https://access.redhat.com/security/cve/CVE-2021-4104.
What are the plans to update PWM to support a fixed version of Log4J?
Can we take measures ourselves, and install a newer version of Log4J.jar over the old version without breaking things?
The text was updated successfully, but these errors were encountered: