Apache Log4j2 vulnerability for Liferay 7.2.1 CE and Elastic search

Karthik Nainupatruni, modified 3 Years ago.

Junior Member Posts: 28 Join Date: 5/5/15 Recent Posts

Hi All,
We have been using the Liferay CE 7.2.1 GA2 and Elastic search 6.4.3 in our project.

With persisting latest effect of log4J Shell Vulnerability issue , we have been added -Dlog4j2.formatMsgNoLookups=true in JVM options however Apache log4j project saying is not 100% safe by adding this configuration.

Here are my 2 questions to the Liferay community ,Kindly answer or throw some insight on this.

1) How to mitigate Log4j Shell vulnerability issue for LR and Elatci search?

2) how to apply log4J 2.17.0 version in Liferay and elastic search?

https://liferay.dev/blogs/-/blogs/log4j2-vulnerability-fixing-the-jar?_com_liferay_blogs_web_portlet_BlogsPortlet_showFlags=true&scroll=_com_liferay_blogs_web_portlet_BlogsPortlet_discussionContainer

Community

Company

Feedback

Ask Questions and Find Answers

Important:

Ask is now read-only. You can review any existing questions and answers, but not add anything new.

But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:

discuss.liferay.com

Apache Log4j2 vulnerability for Liferay 7.2.1 CE and Elastic search