Silverstripe Version: 4.9
Question: Does Log4j 2 exist as a vulnerability?
And if so, what are the options/resolution paths, please?
Yes, a vulnerability has been annonced in Log4j but unless you have something which implements it in your hosting enviroment (presumably something running in a Java environment like possibly Solr or some particular Java-based webserver) then it shouldn’t affect you.
The only way to know for sure is to run an audit of your systems and take the appropriate action.
1 Like