python (12.9k questions)

javascript (9.2k questions)

reactjs (4.7k questions)

java (4.2k questions)

java (4.2k questions)

c# (3.5k questions)

c# (3.5k questions)

html (3.3k questions)

Questions - cve-2021-44228

Leveraging Java's sandbox to mitigate CVE-2021-44228( log4j2 remote code execution)?

The java-security-manager-deprecation not withstanding JEP-411 (Deprecate the Security Manager for Removal), would enabling sandbox mechanism by leveraging the java security-manager (and associated cl...
test-img

Ravindra HV

java

log4j2

sandbox

cve-2021-44228

Votes: 0

Answers: 1

Latest Answer

Note - As per the original JEP-411 entry, the approach to securing environment is by alternate means, including and not limited to - use of containers !
test-img

Ravindra HV

Python logging module & indirect log4j vulnerability exposure?

Since the python logging package is based on PEP 282 and influenced by Apache's log4j system, does this package is impacted by the recent log4j vulnerabilities? My knowledge of this particular module ...
test-img

Billie

python

logging

log4j

cve-2021-44228

Votes: 0

Answers: 1

Latest Answer

It's not affected (disclosure: I'm the maintainer of Python logging), because Python logging is not a direct port of log4j, just influenced by it (in part). There are no equivalents in Python logging ...
test-img

Vinay Sajip

fix for log4j vulnerability (CVE-2021-44228) for Apache storm?

There is no version of apache storm which doesn't use log4j 2.x version (which is affected by CVE-2021-44228 vulnerability). I found this fix on log4j website: you may remove the **JndiLookup** class ...
test-img

navneet sharma

log4j

apache-storm

cve-2021-44228

Votes: 0

Answers: 1

Latest Answer

There is a recent Storm 2.4.0 release in March 2022 that addressed your concerns. Alternatively, you can manually patch it using the principles of Java class loading mechanism: Identify and download ...
test-img

Peteriman Jackson

Posts

Questions

Blogs

Jobs