https://stoeps.de/tags/log4j/ Recent content in Log4j on Hugo -- gohugo.io en christoph.stoettner@stoeps.de (Christoph Stoettner) christoph.stoettner@stoeps.de (Christoph Stoettner) &copy; 2026 Christoph Stöttner - This work is licensed under [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/) <span class='footerimg'><img src='https://mirrors.creativecommons.org/presskit/icons/cc.svg' alt='' style='max-width: 1em;max-height:1em;margin-left: .2em;'><img src='https://mirrors.creativecommons.org/presskit/icons/by.svg' alt='' style='max-width: 1em;max-height:1em;margin-left: .2em;'><img src='https://mirrors.creativecommons.org/presskit/icons/sa.svg' alt='' style='max-width: 1em;max-height:1em;margin-left: .2em;'></span> Sat, 11 Dec 2021 17:41:38 +0200 https://stoeps.de/posts/2021/log4j_how_to_find_out/ Sat, 11 Dec 2021 17:41:38 +0200 christoph.stoettner@stoeps.de (Christoph Stoettner) https://stoeps.de/posts/2021/log4j_how_to_find_out/ <p><strong>Update <del>2021-12-13</del> 2021-12-15</strong></p> <ul> <li><a href="https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476" target="_blank" rel="noreferrer">Elasticsearch: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31</a></li> <li><a href="https://support.hcltechsw.com/csm?id=kb_article&amp;sysparm_article=KB0095490" target="_blank" rel="noreferrer">HCL: CVE-2021-44228 : Security Advisory</a></li> <li><a href="https://www.ibm.com/support/pages/node/6525706?myns=swgws&amp;mynp=OCSSEQTP&amp;mync=E&amp;cm_sp=swgws-_-OCSSEQTP-_-E" target="_blank" rel="noreferrer">IBM: Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)</a></li> <li><a href="https://support.hcltechsw.com/csm?id=kb_article&amp;sysparm_article=KB0095498" target="_blank" rel="noreferrer">Security Bulletin: HCL Connections Security Update for Apache Log4j 2 Vulnerability (CVE-2021-44228)</a></li> <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046" target="_blank" rel="noreferrer">CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.</a></li> </ul> <p>So there is a fix for <code>kc.war</code> which updates the <code>log4j</code> 2.8 to 2.15, Elasticsearch in Component Pack has log4j 2.8 and 2.11 included <del>but is not vulnerable because of additional security settings.</del></p>