On this early release episode, Kyle and Dan talk about the log4shell vulnerability and how to mitigate the risk for PeopleSoft.
Show Notes
- log4shell – Vulnerability issue with log4j @ 0:30
- Remediation @ 18:45
  - Add “-Dlog4j2.formatMsgNoLookups=true” to your JAVA_OPTS parameter
  - Scanner tool
  - Dan’s sample script to identify vulnerable libraries
- PeopleTools Patch for Log4Shell @ 29:00
- How does this affect PS/Oracle products down the road? @ 40:00
Any idea if PeopleTools 8.54.28 is impacted by CVE-2021-44228 (Log4j)? I see 8.57 – 8.59 notes on Oracle support.
You can check the log4j version under PS_HOME/class and see if it’s in the affected versions. 8.54 has been out of support for a while, so Oracle won’t mention it in their documents.
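
One way to automate the version check described in the reply above, as an added example (not part of the episode, the comments, or Dan's script). It assumes each log4j-core jar still carries its Maven `pom.properties`, treats 2.0-beta9 through 2.14.1 as the affected range for CVE-2021-44228 with 2.3.1 and 2.12.2 as the fixed backport lines, and does not open nested or shaded archives.

```python
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata and JNDI lookup class that a log4j-core 2.x jar carries.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def parse_version(text):
    """Numeric (major, minor, patch) from pom.properties; qualifiers like -beta9 are dropped."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(version, has_jndi):
    """Status for CVE-2021-44228 only; other log4j advisories are not assessed."""
    if version is None:
        return "unknown"
    backport = (version[:2] == (2, 3) and version >= (2, 3, 1)) or \
               (version[:2] == (2, 12) and version >= (2, 12, 2))
    if version >= (2, 15, 0) or backport:
        return "not-affected"
    # Builds older than 2.0-beta9 are also reported as affected (conservative).
    return "affected" if has_jndi else "affected-jndi-removed"

def scan(root):
    """Return (relative jar path, version, status) for each log4j-core jar under root."""
    results = []
    for jar in sorted(Path(root).rglob("*.jar")):
        rel = str(jar.relative_to(root))
        try:
            with zipfile.ZipFile(jar) as z:
                names = set(z.namelist())
                if POM not in names:
                    continue  # not log4j-core 2.x (log4j 1.x, log4j-api, other jars)
                version = parse_version(z.read(POM).decode("utf-8", "replace"))
                results.append((rel, version, classify(version, JNDI in names)))
        except zipfile.BadZipFile:
            results.append((rel, None, "unreadable"))
    return results

if __name__ == "__main__":
    # Usage: python scan_log4j.py <directory>, e.g. the class directory under PS_HOME
    for rel, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:22} {version} {rel}")
```

A status of `affected-jndi-removed` means the version is in range but `JndiLookup.class` has been stripped from the jar; `unreadable` entries need a manual look.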