Skip to Content
From version 1.38
edited by gru
on 15.12.2021, 19:10
Change comment: There is no comment for this version
To version 1.39
edited by gru
on 15.12.2021, 19:11
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -8,7 +8,7 @@
8 8  
9 9  {{info}}
10 10  
11 -For installations where upgrading to the latest {{formcycle/}} version is not possible, we recommend implementing the [[vendor>>https://logging.apache.org/log4j/2.x/security.html]] recommended mitigation for __CVE-2021-44228__. For the Log4j version used by the potentially affected {{formcycle/}} versions this means setting the {{code language="none"}}-Dlog4j2.formatMsgNoLookups=true{{/code}} option in the Java options for the servlet container which is used to run {{formcycle/}}.
11 +For installations where upgrading to the latest {{formcycle/}} version is not possible, we recommend implementing the [[vendor>>https://logging.apache.org/log4j/2.x/security.html]] recommended mitigation for __CVE-2021-44228__. For the Log4j version used by the potentially affected {{formcycle/}} versions this means setting the {{code language="none"}}-Dlog4j2.formatMsgNoLookups=true{{/code}} option in the Java options for the servlet container used.
12 12  
13 13  For example, for an Apache Tomcat running on Windows, this can be done in //Tomcat Monitor// at the following location:
14 14  [[image:tomcat_log4j_settings.png||width="350"]]