logj4 Mitigation necessary? In the pipeline?
7 posts
• Page 1 of 1
Serviio seems to use an older version of log4j. What is the plan to mitigate the ongoing attack vector in the log4j product?
Re: logj4 Mitigation necessary? In the pipeline?
Serviio uses BItbucket for tracking bugs and enhancements. I suggest posting this information there, so the developer can track and provide feedback for the issue. I searched for any entries for log4j and found none.
https://bitbucket.org/xnejp03/serviio/issues
https://bitbucket.org/xnejp03/serviio/issues
Dan
LG NANO85 4K TV, Samsung JU7100 4K TV, Sony BDP-S3500, Sharp 4K Roku TV, Insignia Roku TV, Roku Ultra, Premiere and Stick, Nvidia Shield, Yamaha RX-V583 AVR.
Primary server: Intel i5-6400, 16 gig ram, Windows 10 Pro, 22 TB hard drive space | Test server Windows 10 Pro, AMD Phenom II X4 965, 8 gig ram
HOWTO: Enable debug logging HOWTO: Identify media file contents
LG NANO85 4K TV, Samsung JU7100 4K TV, Sony BDP-S3500, Sharp 4K Roku TV, Insignia Roku TV, Roku Ultra, Premiere and Stick, Nvidia Shield, Yamaha RX-V583 AVR.
Primary server: Intel i5-6400, 16 gig ram, Windows 10 Pro, 22 TB hard drive space | Test server Windows 10 Pro, AMD Phenom II X4 965, 8 gig ram
HOWTO: Enable debug logging HOWTO: Identify media file contents
Re: logj4 Mitigation necessary? In the pipeline?
Just released 2.2.1 which has the latest (fixed) version of log4j
Petr
Serviio developer / site admin
Do not send me PM for support as the solution can't be shared with others.
Follow Serviio on Facebook | Follow Serviio on Twitter
Help translate Serviio
Intel UPnP tools | HOWTO: Turn on detailed logging | HOWTO: Provide supported formats of a device | HOWTO: Provide details of a video file that doesn't play
Serviio developer / site admin
Do not send me PM for support as the solution can't be shared with others.
Follow Serviio on Facebook | Follow Serviio on Twitter
Help translate Serviio
Intel UPnP tools | HOWTO: Turn on detailed logging | HOWTO: Provide supported formats of a device | HOWTO: Provide details of a video file that doesn't play
Re: logj4 Mitigation necessary? In the pipeline?
zip wrote:Just released 2.2.1 which has the latest (fixed) version of log4j
2.2.1 appears to contain log4j 2.15.0 and regrettably that was an incomplete fix, so Apache has now released log4j 2.16.0 (hopefully the last for a while!).
Edit: Ugh ... Apache has released log4j 2.17.0 (2.16.0 still vulnerable to DoS).
Edit: ... and Apache has released log4j 2.17.1 (2.17.0 still vulnerable to RCE via a different attack)
Is an updated version of serviio in the pipeline?
Re: logj4 Mitigation necessary? In the pipeline?
same, please release a new version with log4j 2.17.1
Re: logj4 Mitigation necessary? In the pipeline?
+1 on the topic!
It's been a while since the log4j issue has been found and fixed, it would be great to have a serviio with a fixed version of it!
It's been a while since the log4j issue has been found and fixed, it would be great to have a serviio with a fixed version of it!
Re: logj4 Mitigation necessary? In the pipeline?
Last I was advised by Zip, the next version of Serviio should reach beta testing sometime this summer. I have no clue what is in the next version, but I would expect he will ensure log4j is addressed.
Dan
LG NANO85 4K TV, Samsung JU7100 4K TV, Sony BDP-S3500, Sharp 4K Roku TV, Insignia Roku TV, Roku Ultra, Premiere and Stick, Nvidia Shield, Yamaha RX-V583 AVR.
Primary server: Intel i5-6400, 16 gig ram, Windows 10 Pro, 22 TB hard drive space | Test server Windows 10 Pro, AMD Phenom II X4 965, 8 gig ram
HOWTO: Enable debug logging HOWTO: Identify media file contents
LG NANO85 4K TV, Samsung JU7100 4K TV, Sony BDP-S3500, Sharp 4K Roku TV, Insignia Roku TV, Roku Ultra, Premiere and Stick, Nvidia Shield, Yamaha RX-V583 AVR.
Primary server: Intel i5-6400, 16 gig ram, Windows 10 Pro, 22 TB hard drive space | Test server Windows 10 Pro, AMD Phenom II X4 965, 8 gig ram
HOWTO: Enable debug logging HOWTO: Identify media file contents
7 posts
• Page 1 of 1
Return to Serviio Support & Help
Who is online
Users browsing this forum: Majestic-12 [Bot] and 38 guests