1. Home
  2. Portal
  3. RE: CVE-2021-44228 mitigation needed?

RE: CVE-2021-44228 mitigation needed?

thumbnail
Jamie Sammons, modified 3 Years ago.
CVE-2021-44228 mitigation needed?
Expert Posts: 401 Join Date: 8/22/07 Recent Posts

Hi all,

Just wondering if we should panic about log4j's CVE-2021-44228. Anybody looked into this already?

TIA

Fernando

application security
thumbnail
Fernando Fernandez, modified 3 Years ago.
RE: CVE-2021-44228 mitigation needed? (Answer)
Liferay Legend Posts: 6441 Join Date: 9/23/08 Recent Posts

As this server had a few issues publishing posts: By now most of the excitement might be gone, but for completeness: https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability

thumbnail
Fredi B, modified 3 Years ago.
RE: RE: CVE-2021-44228 mitigation needed?
Junior Member Posts: 69 Join Date: 4/1/20 Recent Posts

Cool and relaxed answer.

However, in your linked blog article there are different answers to OPs Question.

David and Liferay-Support communicate Liferay-Versions below 7.4 do not use the affected Version.

Community and our intern audit reveal that Liferay-Versions below 7.4 do atleast bring along a affected Version.

Is it possible to atleast get a concrete statement to the affected version?

Who can answer the question better than Liferay-Employees or Gurus?