Does vulnerability in Apache Log4j library affect LMS or Max2Play?
- This topic has 1 reply, 2 voices, and was last updated 2 years, 10 months ago by MarioM Moderator.
12 December 2021 at 15:09 #51840
I don’t know if this is the right forum for this topic, but it seemed to fit the most.
My question is in the title: does the vulnerability due to the Apache Log4j library affect Logitech Media Server (LMS) or Max2Play?
The Raspberry Pis I use aren’t accessible from the internet, but as I understood, that doesn’t matter. I’m not an expert though and just want to bring this to the awareness of the people that might have an educated opinion on that.
Regarding the topic Log4j:
https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/
https://www.spiegel.de/netzwelt/web/bundesbehoerde-warnt-vor-schwachstelle-in-weit-verbreiteter-software-a-55bc413b-2e01-446c-8ee6-5fabfee3b0f2
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3
- This topic was modified 2 years, 10 months ago by Julz.
14 December 2021 at 15:05 #51843
Hi Julz,
The basic installation of Max2Play is not affected by Log4j. However, if packages are subsequently installed that run using Java (and thus usually also use Log4j), then it would theoretically be possible that there is a security risk, provided that the device and the service can be accessed via the Internet.
However, this is very unlikely – the most common targets will be popular programs among end users.