1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00

Update CISA rec guidance

This commit is contained in:
justmurphy 2021-12-29 16:18:03 -05:00 committed by GitHub
parent c534698363
commit 95e34c2637
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -3,10 +3,10 @@
This repository provides This repository provides
[CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance)
and an overview of related software regarding the Log4j vulnerability and an overview of related software regarding the Log4j vulnerability
(CVE-2021-44228). CISA urges users and administrators to review the (CVE-2021-44228). CISA urges users and administrators to upgrade to Log4j 2.17.1
[official Apache release](https://logging.apache.org/log4j/2.x/security.html) (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the
for updates and mitigation guidance, and upgrade to Log4j 2.17.1 (Java 8), 2.12.4 [Apache Log4j Security Vulnerabilities webpage](https://logging.apache.org/log4j/2.x/security.html)
(Java 7) and 2.3.2 (Java 6). for updates and mitigation guidance.
The information in this repository is provided "as is" for informational The information in this repository is provided "as is" for informational
purposes only and is being assembled and updated by CISA through purposes only and is being assembled and updated by CISA through
@ -35,7 +35,7 @@ or imply their endorsement, recommendation, or favoring by CISA.
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
## Mitigation Guidance ## ## CISA Mitigation Guidance ##
When updates are available, agencies must update software When updates are available, agencies must update software
using Log4j to the newest version, which is the most using Log4j to the newest version, which is the most