[ovirt-users] Re: oVirt and log4j vulnerability
On Mon, December 13, 2021 8:04 am, Gianluca Cecchi wrote:
>
If I understood correctly reading here:
https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache...
you are protected by the RCE if java is 1.8 and greater than 1.8.121
(released on 2017)
Do you mean 1.8.0.121? For example, my system has:
java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64
-derek
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant