Log4Shell

Announcements about Universal Media Server
SubJunk
Lead Developer

Log4Shell

Post by SubJunk »

Hey everyone, I just wanted to assure you that UMS is not affected by the infamous Log4j exploit, AKA Log4Shell.

We do not use Log4j directly, and have used two scanners to ensure our dependencies don't include a vulnerable version too.

For scanning, we used both the Docker scanner which is powered by Snyk, as well as the open source tool Grype.

This exploit has been huge for some projects and businesses, so we have really dodged a bullet here. Our hearts go out to those affected by the exploit.
mik_s
Moderator

Re: Log4Shell

Post by mik_s »

That is a relief. I had only heard of the exploit recently but did not know much or how prevalent it was, only that it had affected some Minecraft servers or something.

Earlier today Computerphile put out a video explaining what this exploit is, how bad it has become and how it affects nearly every service on the internet. I know a lot of IT guys have had a very busy week making sure it is patched.

I have been following updates on GitHub for a while and I have never seen any dependency updates mentioning Log4j, so I was fairly sure UMS did not use it but was not certain.
Logs are important for us to help, Please follow This Link before asking for support. Just a forum cleaner, Will help if I can but no expert.