I'm obviously worried about this vulnerability, but I wonder if I even have this library on my machine?
The machine is a webserver running a couple of node expressjs
frameworks over nginx
, plus a geoserver
I patched the machine today with sudo apt update && sudo apt upgrade
: ubuntu-advantage-tools
, openssl
and libssl1.1
were upgraded.
My java version is:
openjdk version "1.8.0_292" OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1~18.04-b10) OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)
The geoserver
is v2.13.0 which I believe to be the only program that might use log4j. My geoserver is the platform independent binary version (not the Tomcat version), which uses jetty
as its webserver I think.
How can I find out if and what version of log4j I have?