0

I just received and email from Shopify that is about log4j vulnerability. and I am concerned about my other projects too most of them are built in PHP and have Ec2 server linux. How can I check if log4J is installed on my server or not, If installed then which version? as new version of log4j 2.15 has fixed this issue.

This is what I have done for now

Tried this command to check log4 logs dpkg -l | grep log4

But I am not sure if that's enough or not. Is there any further precautions that I need to take to secure my server or not.

sohail amar
  • 381
  • 2
  • 14
  • log4j is a java library. You don't "install" it and you cannot use it in PHP projects. – 1615903 Dec 13 '21 at 10:10
  • I have the same concern and like to know how to verify that an php application isn't using in any way. I have read that this issue could also arise if php applications use libraries that in turn use the log4j library. For example Elasticsearch? Is there any way do check this quick and in a reliable way for a php application? Unfortunately, I have never ever programmed with php. – TheDude Dec 13 '21 at 10:39
  • So if an PHP application would be using the log4j library, it would have installed some kind of .jar on the machine relating to log4j? – TheDude Dec 13 '21 at 11:21

0 Answers0