Log4j exploitable?

Hi,
We see DHIS2 uses log4j - any word on vulnerability to the current exploits?
With thanks,
Craig

1 Like

@phil publish on note about this 2 days ago with the versions affected by the log4j 2 vulnerability.
Check it out

2 Likes

Hi @craig

Yes, as @kose pointed out, we have mitigation steps and patches available in this post: Urgent server security vulnerability - REQUIRES IMMEDIATE ATTENTION!

We reached out on several channels (CoP, newsletter/email, slack) but if you know of any implementations that have not received the announcement, please pass on the info/link.

Kind regards,
Phil

(I’ll add Log4j explicitly to the title)

2 Likes

Thanks - we use it - I just looked on dev channel- should have looked at announcements!

1 Like

Also make sure you subscribe to the dhis2-security tag as explained here New 'dhis2-security' tag for all important security alerts!

2 Likes