hotpatch-for-apache-log4j2
An agent to hotpatch the log4j RCE from CVE-2021-44228.
**Note:** All instructions here assume Java 11 (OpenJDK), but I was also able to reproduce the issue with Java 8 (OpenJDK). ### Steps to reproduce - Download [an official release...
The hot patch created a lot of /tmp mount points. Since my customer collects metrics on mount points, these /tmp mount points cost the customer a lot on these unwanted metrics....
Hi, The patch has been deployed in AL1 on one of our servers via "yum update --security", and we had a problem with it. We have the following error in...
With CVE-2021-45105 a malicious user can cause a DoS which in most scenarios will lead to JVM restart. After restart there's a time window when an attack against CVE-2021-45046 or...
Although `-DformatMsgNoLookups=true` prevents lookups directly in the message, Format Lookups are possible when reading a property from the ThreadContext/MDC in the pattern for the message. In certain scenarios, this can...
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Add "no attach in java.library.path" issue solution. *Issue #, if available:* I encountered the problem of "no attach in java.library.path" when I was testing in the JRE environment. This pr...
Add protection against CVE-2019-17571 and CVE-2021-4104. This agent is based on https://github.com/corretto/hotpatch-for-apache-log4j2 and extends the agent to work with Log4J 1.x: The CVE-2019-17571 --> (Log4j 1.2 is a SocketServer...
Build and publish the current jar output and validate it can be used with at least 8, 11, 15 and 17
The current tests are based on a simple shell script. Move those tests into gradle and stop including a log4j jar for testing.