Apache log4j CVE
by Linux_Kidd from LinuxQuestions.org on (#5T1NV)
Anyone can answer this?
Was the fix for log4j(2) changed in the v15 API or CORE jar file?
I ask because one thought of remediation is to surgically swap out just one jar file on the system to remediate the attack vector.
log4j is a package of various jar files, but now wondering where Apache did the actual fixing.
Or did they fix anything at all? Did they just supply a new package that has modified default properties?
Was the fix for log4j(2) changed in the v15 API or CORE jar file?
I ask because one thought of remediation is to surgically swap out just one jar file on the system to remediate the attack vector.
log4j is a package of various jar files, but now wondering where Apache did the actual fixing.
Or did they fix anything at all? Did they just supply a new package that has modified default properties?