Hi,
We see DHIS2 uses log4j - any word on vulnerability to the current exploits?
With thanks,
Craig
1 Like
@phil publish on note about this 2 days ago with the versions affected by the log4j 2 vulnerability.
Check it out
2 Likes
Hi @craig
Yes, as @kose pointed out, we have mitigation steps and patches available in this post: Urgent Log4j server security vulnerability - REQUIRES IMMEDIATE ATTENTION!
We reached out on several channels (CoP, newsletter/email, slack) but if you know of any implementations that have not received the announcement, please pass on the info/link.
Kind regards,
Phil
(I’ll add Log4j explicitly to the title)
2 Likes
Thanks - we use it - I just looked on dev channel- should have looked at announcements!
1 Like
Also make sure you subscribe to the dhis2-security tag as explained here New 'dhis2-security' tag for all important security alerts!
2 Likes