1,126
edits
Difference between revisions of "Apache Log4j & CMOD ODWEK ICN"
Apache Log4j & CMOD ODWEK ICN (view source)
Revision as of 22:55, 15 December 2021
, 22:55, 15 December 2021Added more information about CMOD components affected by the vulnerability...
m (Linked to log4j download page, and added both IBM CMOD v10 technotes.) |
m (Added more information about CMOD components affected by the vulnerability...) |
||
| Line 55: | Line 55: | ||
; Which CMOD components use Apache log4j? | ; Which CMOD components use Apache log4j? | ||
: The three components that use the log4j library are the ODWEK Java API, the REST API (new in CMOD v10.5) and the Full Text Search engine. | : The three components that use the log4j library are the ODWEK Java API, the REST API (new in CMOD v10.5) and the Full Text Search engine. The CMOD server itself doesn't use log4j, so none of the standard operations a CMOD server performs are vulnerable to this exploit, this includes, loading data with arsload, indexing documents with ACIF or the PDF Indexer, migrating data between cache & secondary storage, etc. | ||
; How does ODWEK Java API / REST API / FTS use the log4j library? | ; How does ODWEK Java API / REST API / FTS use the log4j library? | ||