Log4j zero-day exploit

I know some of you use java and or apache for your xojo backends, you might not be aware of this critical issue that was made public in the last 24 hours, if you log anything through log4j that can be input by a user then you are open to this attack:

https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/
https://logging.apache.org/log4j/2.x/security.html

2 Likes

Thanks for the alert! Don’t use it but it is good to know known exploits

FileMaker uses Java, and there’s a discussion here about whether it is/is not vulnerable: Claris Community (English)

1 Like