A security vulnerability in the Log4j CVE-2021-44228 library (called Log4shell) allows third parties to log in and perform remote commands. Failing to update the version may result in an interception by unauthorized persons.
This security gap is found worldwide, so it is recommended to check for possible signs of intrusion and update the system to the latest version.
Based on the results of performed additional security checks, DocLogix only uses these libraries with an additional plug-in that is not installed by default in each client’s system.
What to do if you suspect that malicious activity in your system?
- Make sure the Log4j library version is up to 2.15.0
- Versions from 2.10.0 onwards:
- Change the setting
- log4j2.formatMsgNoLookups = true
- or variable
- LOG4J_FORMAT_MSG_NO_LOOKUPS = true
- Change the setting
- Version 2.7 to 2.14.1:
- Change message changer in all patterns: % m to % m {nolookups}
- Version 2.0-beta9 to 2.10.0:
- Remove JndiLookup class:
- zip -q -d log4j-core – * .jar org / apache / logging / log4j / core / lookup / JndiLookup.class
- Remove JndiLookup class:
Log4shell detector guide:
https://github.com/Neo23x0/log4shell-detector
Find more info here:
https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://logging.apache.org/log4j/2.x/security.html
If you have additional questions regarding the use of Log4j in the DocLogix system, please contact your key account manager or sales@doclogix.lt, info@doclogix.lt.