CVE-2021-44228 - log4j - Discourse anfällig?

a.harper · 11. Dezember 2021 um 13:18

Hi all

Is the vulnerable log4j library in use by Discourse - can an employee please issue a statement on potential exposure/review.

Thanks

Falco · 11. Dezember 2021 um 14:26

Log4J is a Java library. Discourse is written in Ruby, not Java.

a.harper · 11. Dezember 2021 um 15:08

Thanks, so from the hosting side of things there is no Apache and log4j there?

david · 11. Dezember 2021 um 15:26

Correct, a standard installation of Discourse doesn’t use Apache.

RGJ · 11. Dezember 2021 um 17:07

Note that any self-hosted or non-standard Discourse installs running on Apache httpd are not affected either.

The Apache HTTP server project does not use the Apache Log4J library, they are both projects from the Apache foundation so they share a name, but that’s about it.

VirgilVulpes · 16. Dezember 2021 um 21:50

Should those of us who run Discourse instances with java-based plugins disable said plugins?
(I’m definitely not a software engineer. That’s all Greek to me)

merefield · 16. Dezember 2021 um 21:52

Discourse Plugins are written in Ruby (on Rails) and Javascript (with Ember), so I’m not sure which plugins you are referring too?

NB Javascript and Java are not the same thing.

david · 20. Dezember 2021 um 09:28

Thema		Antworten	Aufrufe
Discourse and the Log4j vulnerability Announcements security	1	1086	18. März 2022
Where does Discourse store and show logs? Self-Hosting reference	7	24303	20. August 2024
Discourse Vulnerability CVE-2021-41163 Installation	11	1355	29. November 2021
LDAP Setup for Discourse Installation	33	12709	25. Februar 2025
View logs for the WP Discourse plugin Administrators wordpress , how-to	0	1883	18. Mai 2021

CVE-2021-44228 - log4j - Discourse anfällig?

Verwandte Themen