Do B4X environments use log4j libraries?
Are we also affected in some way by the problem described?
Are we also affected in some way by the problem described?
-
Welcome to B4X forum!
B4X is a set of simple and powerful cross platform RAD tools:
- B4A (free) - Android development
- B4J (free) - Desktop and Server development
- B4i - iOS development
- B4R (free) - Arduino, ESP8266 and ESP32 development
B4J Question LOG4J problem - are we interested in it too?
- Thread starter amorosik
- Start date
- Similar Threads Similar Threads
Even if.
Just check your library folder and DELETE any OLD log4j Versions and make sure to only have a Version 2.15.0+ installed. Any older Versions should be replaced.
Just check your library folder and DELETE any OLD log4j Versions and make sure to only have a Version 2.15.0+ installed. Any older Versions should be replaced.
Upvote
0
Is not very simple
-Arduino
-Microchip MpLab
-Stm Atollic Studio
- MqttFx
-Stm CubeIDE
-Android Studio
-iMyFone iTranstor
-Penthao
-Jaybird
-Sequoia Erp
........
...only on the first pc scanned
Brrrrrrr, I'm starting to worry
Upvote
0
Searching for log4j in my whole HDD I found below
With reference from https://logging.apache.org/log4j/2.x/ , these seems to be very old to be affected.
G:\Java\NetBeans 8.2\java\modules\ext\hibernate4\log4j-1.2.12.jar
G:\Java\NetBeans 8.2\java\modules\ext\hibernate4\slf4j-log4j12-1.6.1.jar
G:\Java\NetBeans 8.2\extide\ant\lib\ant-apache-log4j.jar
G:\Java\NetBeans 8.2\ide\modules\ext\log4j-1.2.15.jar
They are in Netbeans which is used by my son for school project (they teach Java on Netbeans)With reference from https://logging.apache.org/log4j/2.x/ , these seems to be very old to be affected.
Upvote
0
"The patch (2.15.+) released to close the Java Library vulnerability Log4J also introduces two serious vulnerabilities. The never ending story..."
Dec 15 2021: Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0.
Dec 18 2021: Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability: The Apache Software Foundation published a new Log4j patch late on Friday after discovering issues with 2.16.0
Upvote
0
sethujaganathan.s
New Member
I am trying to fix log4j vulnerability for my applications which were old and using 2.2/2.5 version of Log4j. But still running on JDK 1.8. The advised version to avoid log4j issue is to go for Log4j 2.17.1/Log4j 2.17.2 but when I try that it is passing in the build but failing in deployment to Oracle Weblogic server with generic message stating below error message:
<Error> <Deployer> < <bb_ms_1> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <28744a88-9cc0-436c-977c-a54240e13a00-00000004> <1650993633947> <BEA-149205> <Failed to initialize the application "BBADMINUIAPP" due to error weblogic.application.ModuleException
weblogic.application.ModuleException
at weblogic.ejb.container.deployer.EjbModuleExtensionFactory.create(EjbModuleExtensionFactory.java:26)
at weblogic.application.internal.ExtensibleModuleWrapper.createModuleExtensions(ExtensibleModuleWrapper.java:264)
at weblogic.application.internal.ExtensibleModuleWrapper.initDrivenObjectArray(ExtensibleModuleWrapper.java:232)
at weblogic.application.internal.ExtensibleModuleWrapper.prepare(ExtensibleModuleWrapper.java:107)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:100)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:175)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:170)
at weblogic.application.utils.StateMachineDriver$ParallelChange.run(StateMachineDriver.java:80)
at weblogic.work.ContextWrap.run(ContextWrap.java:40)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:553)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
>
Deployment is successful when I try to use 2.2/2.5 version of Lo4j.
Is there any compatibility issue in this leap jump from 2.2 to 2.17.2? Any inputs suggestions or help would be much appreciated.
<Error> <Deployer> < <bb_ms_1> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <28744a88-9cc0-436c-977c-a54240e13a00-00000004> <1650993633947> <BEA-149205> <Failed to initialize the application "BBADMINUIAPP" due to error weblogic.application.ModuleException
weblogic.application.ModuleException
at weblogic.ejb.container.deployer.EjbModuleExtensionFactory.create(EjbModuleExtensionFactory.java:26)
at weblogic.application.internal.ExtensibleModuleWrapper.createModuleExtensions(ExtensibleModuleWrapper.java:264)
at weblogic.application.internal.ExtensibleModuleWrapper.initDrivenObjectArray(ExtensibleModuleWrapper.java:232)
at weblogic.application.internal.ExtensibleModuleWrapper.prepare(ExtensibleModuleWrapper.java:107)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:100)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:175)
at weblogic.application.internal.flow.ModuleStateDriver$1.next(ModuleStateDriver.java:170)
at weblogic.application.utils.StateMachineDriver$ParallelChange.run(StateMachineDriver.java:80)
at weblogic.work.ContextWrap.run(ContextWrap.java:40)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:553)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
>
Deployment is successful when I try to use 2.2/2.5 version of Lo4j.
Is there any compatibility issue in this leap jump from 2.2 to 2.17.2? Any inputs suggestions or help would be much appreciated.
Upvote
0
Similar Threads
- Question