• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Log4j vulnerability.

Sort by date Sort by votes
Gambalunga said:
Does Chevereto have a vulnerability to the Java Log4j library?
Click to expand...
No, as we don't use Java at all. We use PHP.

Note that other software in your server may be Java-based and therefore exposed to this. The recommendation for everybody is to update the server libraries and packages asap.
 
Upvote 0 Downvote
Rodolfo said:
No, as we don't use Java at all. We use PHP.

Note that other software in your server may be Java-based and therefore exposed to this. The recommendation for everybody is to update the server libraries and packages asap.
Click to expand...
True, but maybe he meant that if the Chevereto is vulnerable in a way where people can use it to upload a java log4j library so when it get's uploaded it executes into server and does damage. That is what he probably means and wonders if in this case Chevereto is protected against such attacks. This can be done some times even if site uses PHP and not java.
 
Upvote -1 Downvote
JakeSully said:
people can use it to upload a java log4j library so when it get's uploaded it executes into server and does damage
Click to expand...
You can't infect a system the way you described it, at least not for the vulnerability being discussed here. The vuln exploits Java software using log4j, Chevereto is not Java software and it doesn't uses log4j.
 
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top