Apache Log4j2 vulnerability for Liferay 7.2.1 CE and Elastic searchApache Log4j2 vulnerability for Liferay 7.2.1 CE and Elastic searchhttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1213079362026-04-03T19:40:05Z2026-04-03T19:40:05ZApache Log4j2 vulnerability for Liferay 7.2.1 CE and Elastic searchKarthik Nainupatrunihttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1213079352021-12-24T08:47:19Z2021-12-24T08:47:19Z<p>Hi All,<br /> We have been using the Liferay CE 7.2.1 GA2 and Elastic
search 6.4.3 in our project.</p>
<p>With persisting latest effect of log4J Shell Vulnerability issue ,
we have been added <strong>-Dlog4j2.formatMsgNoLookups=true in
</strong>JVM options however Apache log4j project saying is not 100%
safe by adding this configuration.</p>
<p>Here are my 2 questions to the Liferay community ,Kindly answer or
throw some insight on this.</p>
<p>1) How to mitigate Log4j Shell vulnerability issue for LR and Elatci search?</p>
<p>2) how to apply <strong>log4J 2.17.0 </strong>version in Liferay and
elastic search?</p>
<p> </p>
<p>
<a href="https://liferay.dev/blogs/-/blogs/log4j2-vulnerability-fixing-the-jar?_com_liferay_blogs_web_portlet_BlogsPortlet_showFlags=true&scroll=_com_liferay_blogs_web_portlet_BlogsPortlet_discussionContainer">https://liferay.dev/blogs/-/blogs/log4j2-vulnerability-fixing-the-jar?_com_liferay_blogs_web_portlet_BlogsPortlet_showFlags=true&scroll=_com_liferay_blogs_web_portlet_BlogsPortlet_discussionContainer</a></p>Karthik Nainupatruni2021-12-24T08:47:19Z