1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00

Merge pull request #409 from cisagov/update-guidance

Update guidance
This commit is contained in:
justmurphy 2021-12-29 16:21:38 -05:00 committed by GitHub
commit 99b7374da5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -3,9 +3,10 @@
This repository provides This repository provides
[CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance)
and an overview of related software regarding the Log4j vulnerability and an overview of related software regarding the Log4j vulnerability
(CVE-2021-44228). CISA encourages users and administrators to review the (CVE-2021-44228). CISA urges users and administrators to upgrade to Log4j 2.17.1
[official Apache release](https://logging.apache.org/log4j/2.x/security.html) (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the
and upgrade to Log4j 2.17.1 or apply the recommended mitigations immediately. [Apache Log4j Security Vulnerabilities webpage](https://logging.apache.org/log4j/2.x/security.html)
for updates and mitigation guidance.
The information in this repository is provided "as is" for informational The information in this repository is provided "as is" for informational
purposes only and is being assembled and updated by CISA through purposes only and is being assembled and updated by CISA through
@ -34,7 +35,7 @@ or imply their endorsement, recommendation, or favoring by CISA.
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
## Mitigation Guidance ## ## CISA Mitigation Guidance ##
When updates are available, agencies must update software When updates are available, agencies must update software
using Log4j to the newest version, which is the most using Log4j to the newest version, which is the most