Hi, although it's unlikely that this configuration got changed in our installation, I'd like to check it. Can someone tell me which file contains the log4j configuration? TIA! Regards, Tobias Crefeld. -----Ursprüngliche Nachricht----- Von: Johannes Renner [mailto:jrenner@suse.de] Gesendet: Montag, 13. Dezember 2021 15:52 An: uyuni-users@opensuse.org; uyuni-announce@opensuse.org Betreff: Log4Shell announcement (CVE-2021-44228) Dear Uyuni users, With regard to the latest publication of the Log4Shell vulnerability [1], we can announce that as to our current knowledge Uyuni installations are not affected. Log4j is used in Uyuni, but we are shipping version 1.2.17 (from openSUSE Leap 15.3) which apparently is showing that specific problem only when it is configured to use JMSAppender [2]. This is not the case in Uyuni as long as the log4j configuration has not manually been changed to use it. A general fix for the 1.2.17 package is currently being worked on and should become available soon. Best regards, Johannes Renner [1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228 [2] https://access.redhat.com/security/cve/CVE-2021-4104