Log4Shell
Log4Shell
Hey everyone, I just wanted to assure you that UMS is not affected by the infamous Log4j exploit, AKA Log4Shell.
We do not use Log4j directly, and have used two scanners to ensure our dependencies don't include a vulnerable version too.
For scanning, we used both the Docker scanner which is powered by Snyk, as well as the open source tool Grype.
This exploit has been huge for some projects and businesses, so we have really dodged a bullet here. Our hearts go out to those affected by the exploit.
We do not use Log4j directly, and have used two scanners to ensure our dependencies don't include a vulnerable version too.
For scanning, we used both the Docker scanner which is powered by Snyk, as well as the open source tool Grype.
This exploit has been huge for some projects and businesses, so we have really dodged a bullet here. Our hearts go out to those affected by the exploit.
Re: Log4Shell
That is a relief. I had only heard of exploit recently but did not know much or how prevalent it was, only that it had effected some minecraft servers or something.
Earlier today Computerphile put out a video explaining what this exploit is, how bad it has become and how it effects nearly every service on the internet. I know a lot of IT guys have had a very busy week making sure it is patched.
I have been following updates on Github for a while and I never seen any dependency updates mentioning Log4j so was fairly sure UMS did not use it but was not certain.
Earlier today Computerphile put out a video explaining what this exploit is, how bad it has become and how it effects nearly every service on the internet. I know a lot of IT guys have had a very busy week making sure it is patched.
I have been following updates on Github for a while and I never seen any dependency updates mentioning Log4j so was fairly sure UMS did not use it but was not certain.
Logs are important for us to help, Please follow This Link before asking for support. Just a forum cleaner, Will help if I can but no expert.