We see DHIS2 uses log4j - any word on vulnerability to the current exploits?
@phil publish on note about this 2 days ago with the versions affected by the log4j 2 vulnerability.
Check it out
Yes, as @kose pointed out, we have mitigation steps and patches available in this post: Urgent server security vulnerability - REQUIRES IMMEDIATE ATTENTION!
We reached out on several channels (CoP, newsletter/email, slack) but if you know of any implementations that have not received the announcement, please pass on the info/link.
(I’ll add Log4j explicitly to the title)
Thanks - we use it - I just looked on dev channel- should have looked at announcements!
Also make sure you subscribe to the dhis2-security tag as explained here New 'dhis2-security' tag for all important security alerts!