Log4j apache vulnerability

Hey all, I’m too neophyte to know if this impacts erpnext, but the log4j vulnerability is pretty serious. I’m seeing from a few years ago that it was implemented in erpnext and was wondering what steps need to be taken to mitigate? This is the first server I’ve worked to host myself.

log4j is a java library, it has never been used in ERPNext which is python/js based mostly. (at least I can’t find it anywhere in code / issues)

2 Likes

Yas seems pretty serious:

Log4shell

https://www.cnbc.com/2021/12/11/minecraft-the-internets-on-fire-as-techs-race-to-fix-software-flaw.html?__source=sharebar|email&par=sharebar