Is Plesk affected by CVE-2021-44228 vulnerability in log4j package of Apache?

Follow

Comments

3 comments

  • Avatar
    Michael Lang

    Hey, 

    I just fired a "find" command to see if theres anything left with log4j on the server. I found some log4j entries in the microupdates folder (./parallels/PSA_17.8.11/microupdates/MU70/dist-deb-Ubuntu-16.04-x86_64/pmm-ras).

    Is there any todo here for me or can this be ignored?

    Thanks in advance!
    Michael

     

    2
    Comment actions Permalink
  • Avatar
    Lenusch

    Same Question as Michael 

    1
    Comment actions Permalink
  • Avatar
    Vitaly Zhidkov

    Michael Lang, Lenusch thank you for this question.

    You may safely ignore it. pmm-ras does not use Java. It uses log4cpp library which is compatible with log4j, but it is not affected by this vulnerability.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request