[Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

Steele, Henry Henry.Steele at tufts.edu
Mon Dec 13 13:52:38 EST 2021

Are people on earlier versions of ArchivesSpace , e.g. 2.7.1 that use archivesspace's internal solr vulnerable?

From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> On Behalf Of Peter Heiner
Sent: Saturday, December 11, 2021 9:00 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

While ArchivesSpace itself might not be vulnerable, those who run an extrrnal Solr instance should be aware that it itself may be, see https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 for more information and some possible workarounds.

From: archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org> <archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org>> on behalf of Tom Hanstra <hanstra at nd.edu<mailto:hanstra at nd.edu>>
Sent: 11 December 2021 13:21
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org<mailto:archivesspace_users_group at lyralists.lyrasis.org>>
Subject: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

There is a lot of buzz right now about the log4j exploit being used against Java applications. Does anyone know if ArchivesSpace is vulnerable to these exploits?

Tom Hanstra
Sr. Systems Administrator
hanstra at nd.edu<mailto:hanstra at nd.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20211213/ba5dd4f8/attachment.html>

More information about the Archivesspace_Users_Group mailing list