This is to highlight that a zero-day exploit has been found in the log4j library. Please refer to this blog.
A zero-day exploit in the log4j library renders all Java software using log4j vulnerable.
As per my quick investigation, I see the Legacy OpenSRP application uses log4j for logging, and the following main repos/services are affected:
- opensrp-server-web
- opensrp-server-core
FHIR Core: The FHIR JPA Server repo does not use log4j, but:
- Hapi-Fhir: The module (hapi-fhir-jpaserver-base) pom holds a dependency on log4j with artifactId log4j-to-slf4j.
- hapi-fhir-opensrp-extensions: Custom repo with extensions built on top of the hapi-fhir JPA Server, hosted by ONA/Opensrp.
Solution:
We need to update it to the latest version, 2.15.0.
cc : @dubdabasoduba @maimoonak @f-odhiambo
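
The pom check described in the issue can be scripted. The following is an added example, not part of the original issue or of any OpenSRP code: it lists the Log4j 2.x artifacts a `pom.xml` declares and flags versions below the 2.15.0 named above. The sample POM, the function names and the status labels are constructed for illustration, and only the `org.apache.logging.log4j` groupId is assumed to be in scope.

```python
import re
import xml.etree.ElementTree as ET

LOG4J_GROUP = "org.apache.logging.log4j"  # Log4j 2.x groupId (assumed scope)
TARGET = (2, 15, 0)                        # version the issue asks to move to

# Constructed sample pom.xml, not taken from any OpenSRP or HAPI FHIR repo.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><log4j.version>2.14.1</log4j.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId><version>${log4j.version}</version></dependency>
    <dependency><groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-to-slf4j</artifactId></dependency>
    <dependency><groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-api</artifactId><version>2.15.0</version></dependency>
    <dependency><groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId><version>1.7.32</version></dependency>
  </dependencies>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]          # strip the Maven XML namespace
def _children(elem):
    return {_local(c.tag): (c.text or "").strip() for c in elem}

def audit_pom(pom_text):
    """Return (artifactId, version, status) for each Log4j 2.x dependency."""
    root = ET.fromstring(pom_text)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            props.update(_children(el))
    findings = []
    for dep in root.iter():
        f = _children(dep)
        if _local(dep.tag) != "dependency" or f.get("groupId") != LOG4J_GROUP:
            continue
        # Resolve ${property} references against this POM's <properties>.
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)), f.get("version", ""))
        m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
        status = "unresolved"  # no literal version here: set by a parent POM or BOM
        if m:
            parsed = tuple(int(g or 0) for g in m.groups())
            status = "below-target" if parsed < TARGET else "ok"
        findings.append((f.get("artifactId"), version or None, status))
    return findings

if __name__ == "__main__":
    print(*audit_pom(SAMPLE_POM), sep="\n")
```

An `unresolved` result means the version is inherited from a parent POM or BOM, so the effective version has to be confirmed from the resolved dependency tree rather than from this file alone.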