Dear Uyuni users, With regard to the latest publication of the Log4Shell vulnerability [1], we can announce that as to our current knowledge Uyuni installations are not affected. Log4j is used in Uyuni, but we are shipping version 1.2.17 (from openSUSE Leap 15.3) which apparently is showing that specific problem only when it is configured to use JMSAppender [2]. This is not the case in Uyuni as long as the log4j configuration has not manually been changed to use it. A general fix for the 1.2.17 package is currently being worked on and should become available soon. Best regards, Johannes Renner [1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228 [2] https://access.redhat.com/security/cve/CVE-2021-4104 -- Johannes Renner - Engineering Manager, SUSE Manager; R&D SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Ivo Totev
With regard to the latest publication of the Log4Shell vulnerability [1], we can announce that as to our current knowledge Uyuni installations are not affected.
Thank you for the announcement. That's one in a very long list today that I can scratch off!
participants (2)
-
Johannes Renner
-
Simon Avery