As Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaSec says setting noMsgFormatLookups to True will not work any more. The current Graylog update only includes setting the noMsgFormatLookups variable.
When can we expect that this issue get solved?
See Fixes for log4j CVE-2021-44228 by mpfz0r · Pull Request #11786 · Graylog2/graylog2-server · GitHub
That’s not correct. We also updated log4j to 2.15.0. We just added the noMsgFormatLookups setting as a second measure.
Im currently upgrade Graylog to version 3.3.15, just wondering if that include the fix for the last issue mentioned here or a new image is going to be created, I will appreciate your comments on this
It could not to be enouch, but case dependent, log4j 2.16.0 is already released.
How to update log4j from 2.11.1 to 2.16.0 ?
i use graylog 4.2.3 and elasticsearch 7.10.2 build oss
Update graylog 2 the latest version you even get log4j 2.16 with it 
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
