None of Synology's products are affected as CVE-2021-44228 only affects products equipped with log4j 2.
Continue reading...
- - -
Source: synology.com
Continue reading...
- - -
Source: synology.com
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
Well java itself won't be affected as it's an external dependency. But I'd be surprised if a 3rd party package that depends on java would not be affected. Afterall log4j is still the most widespread logging framework used in the java-verse. It even hits people that use a logging facade like slf4j which may use it as their logging framework under the hood.Interesting... so Java packages are unaffected? Any 3rd party packages confirmed?
gci 'C:\' -rec -force -include *.jar -ea 0 | foreach {select-string "JndiLookup.class" $_} | select -exp Path
find / 2>/dev/null -regex ".*.jar" -type f | xargs -I{} grep JndiLookup.class "{}".class "{}"
\; > /var/log/log4j-find.txt
for every image, I use Grype as the first instance of checking:Just keep in mind that this means the search will succeed for containers, but not for images.
https://github.com/anchore/grype
grype jacobalberty/unifi:latest
docker scan jacobalberty/unifi:latest --severity high
We use essential cookies to make this site work, and optional cookies to enhance your experience.