Helidon and Log4j: Read about the impact of the recent Log4j vulnerabilities on Helidon 2 applications. By Joe Di Pol

image

This document describes the impact of the recent Log4j CVEs on Helidon 2 applications.

Helidon’s use of Log4j

By default Log4j is not used by Helidon based applications and does not appear on the classpath. However Helidon provides an optional Log4j integration module (helidon-logging-log4) and Helidon manages the version of Log4j. If your application uses helidon-logging-log4, or if your application uses Log4j directly then your application will have declared an explicit dependency on Log4j. But the version of this dependency might be managed by Helidon.

How can I tell if I’m impacted?

You will only be impacted if your application declares a dependency on Log4j or on a component that depends on Log4j (since log4j is an optional dependency of Helidon and Netty it will not be included transitively from those projects). To check if your application includes Log4j inspect the target/libs directory of your Helidon application and see if log4j-*.jar is there.

Actions you can take

If your Helidon application uses Log4j here are some options for upgrading:

A: Upgrade Log4j without upgrading Helidon

If you are using Helidon’s Maven dependency management (which is the default behavior if you created your application from a Helidon example or Quickstart or CLI) then you can override the version of Log4j by adding the following to your project’s pom.xml. Read the complete article here.

Developer Partner Community

For regular information become a member in the Developer Partner Community please register here.

clip_image003 Blog clip_image005 Twitter clip_image004 LinkedIn image[7][2][2][2] Facebook image Meetups

Technorati Tags: PaaS,Cloud,Middleware Update,WebLogic, WebLogic

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.