6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Cassandra 4.0 vulnerable log4j mitigation\",\"text\":\"

Cassandra 4.0 is having log4j-over-slf4j-1.7.25 and CVE-2021-44228 is not applicable. however, slf4j-1.7.25 has CVE-2018-8088. How we are addressing Cassandra's vulnerable log4j issue.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Nitin P\"},\"upvoteCount\":2,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","cassandra",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/cassandra/1","children":"cassandra"}]}],["$","span","log4j",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/log4j/1","children":"log4j"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/cd599b207cfadba15584b3dc68ecbf46?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Nitin P","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3379822/nitin-p","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Nitin P"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",46]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Cassandra 4.0 vulnerable log4j mitigation"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Cassandra 4.0 is having log4j-over-slf4j-1.7.25 and CVE-2021-44228 is not applicable. however, slf4j-1.7.25 has CVE-2018-8088. How we are addressing Cassandra's vulnerable log4j issue.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",459]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","70431758",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/DU1ux.png?s=256","alt":"Erick Ramirez","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/4269535/erick-ramirez","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Erick Ramirez"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",16343]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Apache Cassandra uses Logback as the default logger, not Log4j so it is not affected by the vulnerability identified in CVE-2021-44228. Cheers!

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","70322833",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/70322833","className":"text-blue-600 hover:underline","children":"Is log4j vulnerable? Sample code to test the vulnerability"}]}],["$","li","42937387",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/42937387","className":"text-blue-600 hover:underline","children":"How do I get log4j messages to log to Cassandra?"}]}],["$","li","56543134",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/56543134","className":"text-blue-600 hover:underline","children":"Log4j cassandra appender exception"}]}],["$","li","53316038",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/53316038","className":"text-blue-600 hover:underline","children":"Cassandra: need to migrate cassandra to log4j"}]}],["$","li","47428329",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/47428329","className":"text-blue-600 hover:underline","children":"Cassandra dependency changes during log4j2 migration"}]}],["$","li","31940953",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31940953","className":"text-blue-600 hover:underline","children":"Cassandra debug logging in JBoss 4.2.3"}]}],["$","li","31161580",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31161580","className":"text-blue-600 hover:underline","children":"Missing log4j file in cassandra conf folder"}]}],["$","li","14331486",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14331486","className":"text-blue-600 hover:underline","children":"I don't understand why this log4j.xml is wrong"}]}],["$","li","21486929",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21486929","className":"text-blue-600 hover:underline","children":"Cassandra not picking up log4j-server.properties file"}]}],["$","li","9248082",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9248082","className":"text-blue-600 hover:underline","children":"Is there any open source program that integrates logs in log4j format in a distributed system to a Cassandra DB?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Cassandra 4.0 vulnerable log4j mitigation

Answers (1)

Related Questions