[Oskari-user] Current plans regarding Log4J

Mäkinen Sami (MML) sami.makinen at maanmittauslaitos.fi
Sun Dec 19 23:30:55 PST 2021


Hi everyone,

Another day another news from Log4J it seems: They have released a new version (2.17) to fix a new vulnerability regarding context-lookups for logging. ThreadContext and ${ctx:param} logging pattern are not used in Oskari codebase so this isn't an issue for us directly. However if you have application specific customization that uses these you should look into the issue more thoroughly.

The current plan is to update Log4J to the latest version on the next scheduled release mid-January. Of course this can be adjusted if new details emerge.

Cheers,
Sami
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/oskari-user/attachments/20211220/1f37cbc8/attachment.html>


More information about the Oskari-user mailing list