Textpattern CMS support forum

#1 2021-12-11 18:44:38

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Log4Shell

What fresh hell is this?
Recently uncovered software flaw ‘most critical vulnerability of the last decade’
Log4Shell grants easy access to internal networks, making them susceptible to data loot and loss and malware attacks


…. texted postive

Offline

#2 2021-12-14 19:03:04

colin99
Member
Registered: 2005-11-15
Posts: 68

Re: Log4Shell

Was thinking about this – just this morning – what the implications would be for us Textpattern (and to a much, much, much, much, lesser extent… Joomla and Wordpress hounds…)

Of all things that I worry about – I’d say that Textpattern creates the least amount of lost sleep…
Joomla being a bit more worrying – and (well, obviously…) Wordpress and all its grossly unvetted plugins causes the most insomnia.


On the World Wide Web since Day 1 – Editor/Creator – Coffeecrew.com, Coffee.bc.ca
Twitter – Twitter.Com/CoffeeCrew

Offline

#3 2021-12-14 19:16:04

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Re: Log4Shell

Opalstack have been very proactive and have this bit on their support forums:

“Log4Shell” is a zero-day vulnerability in the Apache Log4j Java library disclosed on 9 December 2021. Y

The vulnerability is present in Log4j v2.0 through 2.14.x.

Opalstack web servers have log4j 1.2.17 installed. This version is not affected.

Customers running their own Java applications should check their apps’ dependencies to ensure that they aren’t running a vulnerable version of log4j, and if so then update it to v2.15.0.

So the solution, it seems, is to update to 2.15.0.


…. texted postive

Offline
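
Added example, not part of the thread or of Opalstack's post: one way to carry out the dependency check the quoted advisory recommends, by listing the Log4j jars bundled inside a WAR or fat JAR and classifying them with the version ranges quoted above. It matches the standard artifact file names only; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Log4j 2 ships the affected code as log4j-core-<ver>.jar; 1.x ships as log4j-<ver>.jar.
JAR_RE = re.compile(r"(?:^|/)log4j-(core-)?(\d+)\.(\d+)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def classify(major, minor):
    """Apply the version ranges given in the advisory quoted in the thread."""
    if major == 1:
        return "1.x: not affected"
    if major == 2 and minor <= 14:
        return "2.0-2.14.x: affected"
    return "2.15.0 or later"

def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(path, status)] for Log4j jars in an archive, recursing into
    nested archives (WEB-INF/lib, fat jars) up to max_depth levels."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # unreadable or not a zip: skip instead of aborting
    with zf:
        for name in zf.namelist():
            path = f"{label}!{name}"
            m = JAR_RE.search(name)
            if m:
                findings.append((path, classify(int(m.group(2)), int(m.group(3)))))
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                findings.extend(scan_archive(zf.read(name), path, depth + 1, max_depth))
    return findings

def build_sample_war():
    """Constructed sample: a WAR with Log4j jars at two nesting levels."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("lib/log4j-1.2.17.jar", b"")
        z.writestr("lib/log4j-core-2.15.0.jar", b"")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", b"")
        z.writestr("WEB-INF/lib/log4j-api-2.14.1.jar", b"")
        z.writestr("WEB-INF/lib/service.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, status in scan_archive(build_sample_war(), "app.war"):
        print(f"{status:22} {path}")
```

File-name matching misses shaded or renamed copies, so an empty result means "none found by name", not that the library is absent.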

#4 2021-12-14 19:16:27

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,259
GitHub

Re: Log4Shell

bici wrote #332170:

What fresh hell is this?

From a sysadmin point of view, this is a rotten cherry on the crappy icing on a really tiresome cake for this year. I’ve lost track of the reactive patching, upgrades, and other security stuff in 2021. The biggest pain point is clients who just don’t get the importance of cybersecurity, don’t want to pay for it, and then whine when reactive work takes a bunch of time (and £$€ on the invoice) that they hadn’t budgeted for.

Offline
