Log4J Library Version Upgrade for Security Reasons

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

pogospike
Posts: 14
Joined: 26 Sep 2014, 17:50

Log4J Library Version Upgrade for Security Reasons

Post by pogospike »

Hi, our security team has flagged that the log4j library version that is bundled with Smartfox needs to be updated because of vulnerabilities and because it is end of life. Is there any plan to update the version of the library?

https://nvd.nist.gov/vuln/detail/CVE-2022-23302

Thanks!
Lapo
Site Admin
Posts: 23438
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Log4J Library Version Upgrade for Security Reasons

Post by Lapo »

Hi,
the vulnerability linked here refers to a specific component (JMSSink) which is not configured or activated by SmartFoxServer, therefore it has no impact on SmartFoxServer's security.

Cheers
Lapo
--
gotoAndPlay()
...addicted to flash games
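
One way to check the "not configured or activated" condition on your own installation, as an added example that is not part of the original thread and not SmartFoxServer code: it looks for the `org.apache.log4j.net.JMSSink` class inside the bundled log4j 1.x jar and for live references to it in configuration files and launch scripts. The file names, the sample jar and the sample contents are constructed for illustration and are assumptions, not the server's real layout.

```python
import io
import re
import zipfile

JMSSINK_CLASS = "org/apache/log4j/net/JMSSink.class"
JMSSINK_REF = re.compile(r"org\.apache\.log4j\.net\.JMSSink\b")


def jar_has_jmssink(jar_bytes):
    """True if the jar (as bytes) still ships the JMSSink class."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return JMSSINK_CLASS in jar.namelist()


def find_refs(files):
    """files: {path: text}. Return (path, line_no, line) for each live reference."""
    hits = []
    for path, text in sorted(files.items()):
        for no, line in enumerate(text.splitlines(), 1):
            line = line.strip()
            # Skip .properties / shell comment lines; XML comments are not parsed.
            if line.startswith(("#", "!")):
                continue
            if JMSSINK_REF.search(line):
                hits.append((path, no, line))
    return hits


def assess(jar_bytes, files):
    """Classify exposure: class-absent, present-unreferenced, or referenced."""
    refs = find_refs(files)
    if not jar_has_jmssink(jar_bytes):
        return "class-absent", refs
    return ("referenced" if refs else "present-unreferenced"), refs


def build_sample_jar(with_sink=True):
    """Constructed stand-in for a log4j 1.x jar (empty class files)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("org/apache/log4j/Logger.class", b"")
        if with_sink:
            jar.writestr(JMSSINK_CLASS, b"")
    return buf.getvalue()


# Constructed sample files; names and contents are hypothetical.
SAMPLE_FILES = {
    "config/log4j.properties": "log4j.rootLogger=INFO, file\n"
                               "# org.apache.log4j.net.JMSSink is not used\n",
    "start.sh": "java -cp lib/* com.example.ServerMain\n",
}
```

A result of `present-unreferenced` matches the situation described in the reply above: the class ships in the jar but nothing starts or configures it. To audit a real installation, pass the bytes of the actual jar and the text of the actual config files and scripts.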
pogospike
Posts: 14
Joined: 26 Sep 2014, 17:50

Re: Log4J Library Version Upgrade for Security Reasons

Post by pogospike »

Okay thanks for the reply!

But is there a plan to upgrade the library, as it is pretty old now and end of life?
Lapo
Site Admin
Posts: 23438
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Log4J Library Version Upgrade for Security Reasons

Post by Lapo »

Not at the moment.

Cheers
Lapo
--
gotoAndPlay()
...addicted to flash games