Log4Shell (CVE-2021-44228) Updates

Every thing I post no matter how rational is getting hidden so all I'm going to say here is that this statement was provably false. Arguably the code in question made it an option to do something with the reply or not, but not in all cases (there will be upcoming announcements about this) and attacks where the damage was done in the query are still possible as has been shown - which led to 2.17 coming out so quick.

Honestly, just remove JndiLookup.class from the library. We've seen no breakage from this action, and not having the class at all seems to be the wisest choice.

2 Likes

This topic received too many flags and has been closed. Thanks all for your feedback. We understand this is a sensitive topic to some, if anyone has any concerns, please don't hesitate to reach out to support@hubitat.com.