Hi,
I'm running Confluence server and our IT department just let me know that /atlassian/.hold/syslog-ng needs to be removed because it contains log4j. We only have a production server so I can't test how removing that will affect the server..
Is there a fix for that vulnerability? How should I resolve this issue?
Thanks!
Tony
syslog-ng isn't part of Confluence.
Talk to your IT department to better understand what is actually vulnerable and the options you may have
If you remove it, your Confluence will stop working properly.
You should look at the vulnerability, check if you are actually affected by it, look at the amelioration options, and probably go with the most simple ones of firewalling, trusting your admins, or upgrading Confluence.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.