LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Log4j Vulnerability Check

Nathan Brindle <[log in to unmask]>

Tue, 14 Dec 2021 21:57:30 +0000

text/plain (2236 bytes) , text/html (6 kB)

LISTSERV itself is not affected.  LISTSERV does not use Java and does not use Log4J.

With regard to Maestro, Development says:

(1) Versions of Maestro previous to 10.0 don't include Log4J, and therefore are unaffected by any Log4j vulnerabilities.

(2) Maestro 10.x does use Log4j with a version of the library that is vulnerable to CVE-2021-44228.

(3) Maestro 10.x doesn't actively use the Log4j functions that are subject to the vulnerability (it logs user agents using a different method), so we believe that, in its default configuration, Maestro 10.x is not affected by the vulnerability.

(4) However, to be absolutely certain that Maestro is not at risk, we have released a new Maestro update (10.0-4) which includes an updated, fixed version of Log4j in which the vulnerability is fixed.

F-Secure's anti-virus products (Windows Server Security and Linux Security) are not affected, only their Policy Manager which we do not supply to our customers.

Nathan

From: LISTSERV Site Administrators' Forum <[log in to unmask]> On Behalf Of Adam Arthur
Sent: Tuesday, December 14, 2021 4:45 PM
To: [log in to unmask]
Subject: Log4j Vulnerability Check

Hello Everyone,

I am currently looking into what all might be impacted by the log4j vulnerability.  I know that LISTSERV uses F-Secure Anti-Virus and that other products of F-Secure have reported having issues with log4j.  Does anyone know if LISTSERV or F-Secure Anti-Virus has the log4j vulnerability?  Also, if there is an issue which will need to be patched, which versions could be impacted?  If it is still an unknown, then I understand, but just was curious.  Thank you for your help!  Have a great day!


Thank you for your time,
Adam L. Arthur
Enterprise Application Administrator
Information Technology Services
Bowling Green State University
Phone:  (419)-372-4945


________________________________

To unsubscribe from the LSTSRV-L list, click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

############################

To unsubscribe from the LSTSRV-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM