Log4j vulnerability in MLeap runtime?

The log4j core code is built into the MLeap runtime. What is the MLeap project’s action to use a patched version of log4j?

The current workaround is to add a system property to the JVM’s startup, -Dlog4j2.formatMsgNoLookups=true, via the JAVA_OPTS environment variable. But if someone relied on this functionality, a patched version would be required.

Thanks!

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 6 (6 by maintainers)
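
An added example, not part of the original issue or the MLeap project's code: since the question is about log4j core being bundled inside a runtime jar, this Python script looks inside a jar (and jars nested in it) for log4j-core's `JndiLookup` class and checks whether a `JAVA_OPTS` string carries the system property quoted above. The suffix-based matching, the function names and the in-memory sample jar are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Suffix match so relocated ("shaded") copies of log4j-core are also found.
JNDI_SUFFIX = "core/lookup/JndiLookup.class"
POM_SUFFIX = "log4j-core/pom.properties"
FLAG = "-Dlog4j2.formatMsgNoLookups=true"  # workaround quoted in the issue


def scan_jar(jar, path="<jar>", depth=0, max_depth=3):
    """List archives (including nested jars) that bundle log4j-core."""
    findings = []
    with zipfile.ZipFile(jar) as zf:
        names = sorted(zf.namelist())
        if any(n.endswith(JNDI_SUFFIX) for n in names):
            version = None  # stays None when the build dropped the Maven metadata
            for n in names:
                if n.endswith(POM_SUFFIX):
                    text = zf.read(n).decode("utf-8", "replace")
                    m = re.search(r"^version=(.+)$", text, re.MULTILINE)
                    version = m.group(1).strip() if m else None
            findings.append({"jar": path, "log4j_core_version": version})
        for n in names:
            if depth < max_depth and n.lower().endswith((".jar", ".war")):
                try:
                    nested = io.BytesIO(zf.read(n))
                    findings += scan_jar(nested, f"{path}!/{n}", depth + 1, max_depth)
                except zipfile.BadZipFile:
                    pass  # entry is not a real archive, skip it
    return findings


def workaround_set(java_opts):
    """True if the JAVA_OPTS string carries the system property from the issue."""
    return FLAG in java_opts.split()


def build_sample_jar():
    """Constructed sample: an outer jar holding one nested jar with log4j-core."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("org/apache/logging/log4j/core/lookup/JndiLookup.class", b"")
        zf.writestr("META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties",
                    "version=0.0.0-constructed\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("lib/logging.jar", inner.getvalue())
    return outer


if __name__ == "__main__":
    print(scan_jar(build_sample_jar()))
    print(workaround_set("-Xmx1g " + FLAG))
```

`scan_jar` also accepts a filesystem path, so it can be pointed at a deployed runtime jar; a version of `None` means the class is present but the build stripped the Maven metadata.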

Top GitHub Comments

1 reaction
jsleight commented, Dec 20, 2021

Yes, we’re planning to ship v0.19.0 soon, so a spring upgrade probably would go in v0.19.1 release.

I just tried to simply upgrade the spring dependency version and we have some failing tests. So will need a bit of work it seems.

0 reactions
jsleight commented, Jan 4, 2022

This is fixed in #797 and since we didn’t get v0.19 released prior to the holidays, I suspect we’ll include it in 0.19.0 release too.
