log4j vulnerability?

Joined
Jun 2, 2019
Messages
591
Any comment from iXsystems? Or are we intentionally maintaining OPSEC?

 
Last edited:

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
Running find / -name log4j* -print on my 12.0-U7 system results in no hits. I don't think it's part of a vanilla install. However, that notice says ElasticSearch relies on log4j, so anyone who has installed ES in a jail will need to take precautions. Just off the top of my head, Graylog relies on ES, as does the SpotLight search for SMB shares.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
TrueNAS does not use any Java components. What would you want to check if the vulnarable software clearly isn't there?
 
Top