Plesk for Windows Plesk for Linux kb: technical
- Plesk for Linux
- Plesk for Windows
CVE-2021-44228 is a vulnerability in Apache Log4j which is a Java library. So, this vulnerability may affect Java-based applications only.
Plesk does not use Java internally, so Plesk is not affected by this vulnerability. Since Tomcat support in Plesk was dropped in Plesk 17.8, Plesk does not support users' Java-based applications.
Call to action
No additional actions are required.
I just fired a "find" command to see if theres anything left with log4j on the server. I found some log4j entries in the microupdates folder (./parallels/PSA_17.8.11/microupdates/MU70/dist-deb-Ubuntu-16.04-x86_64/pmm-ras).
Is there any todo here for me or can this be ignored?
Thanks in advance!
Same Question as Michael
Michael Lang, Lenusch thank you for this question.
You may safely ignore it. pmm-ras does not use Java. It uses log4cpp library which is compatible with log4j, but it is not affected by this vulnerability.
Solutions seems to be published here:
Where two ModSecurity changes should do the job:
Please sign in to leave a comment.