[Archivesspace_Users_Group] Log4j vulnerability with AS

Zhang, Bin bzhang at csus.edu
Fri Apr 8 14:23:56 EDT 2022


We are still getting those vulnerabilities related to log4j in our As server by our vulnerability scanner (we are running As 3.2.0).  The scanner found these files:

gems/gems/ladle-0.2.0-java/lib/ladle/apacheds/log4j-1.2.14.jar
gems/gems/mizuno-0.6.11/lib/java/log4j-1.2.17.jar

I understand from earlier threads about this that these are for testing and not in use by the AS application.  Is this true, and if so, can we simply remove the gems/gems/ladle-0.2.0-java/lib/ladle and mizuno-0.6.11 folders?  Will it affect AS in any way?

Thanks

---
Bin Zhang (he/him/his)
Systems and Technology Librarian
Library Systems & IT Services, University Library
California State University, Sacramento
bzhang at csus.edu<mailto:bzhang at csus.edu> | +1 (916) 278-5664
Zoom: https://csus.zoom.us/my/bzhang

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20220408/95caa525/attachment.html>


More information about the Archivesspace_Users_Group mailing list