|
|
|
|
|
|
by jmuhlich
1652 days ago
|
|
|
This post claims the history of which releases closed which holes is a bit more complicated and that 8u191 really is the first release to prevent this particular exploit. However it also points out that it’s still possible to achieve RCE via log4j template expansion in certain Tomcat and Websphere configurations: https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Inj... |
|
|