返回
-
标题
Is my LiteSpeed version vulnerable to Log4j - CVE-2021-44228? -
说明
Determine if the installed LiteSpeed version is vulnerable to Log4j - CVE-2021-44228. -
原因
Various information security news outlets reported on the discovery of critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). -
解决办法
Unaffected:
8.9.5
8.9.1
8.9
8.8
8.7 (Support Discontinued)
8.6.1 (Support Discontinued)
8.5 (Support Discontinued)**Important Note**
LiteSpeed version 8.8 and below use the Apache Log4net library. According to the vulnerability report this library is not affected.
For discontinued versions, as well as unlisted versions, we recommend a software upgrade using the following steps:
Step 1. Check LiteSpeed version.
To check the running LiteSpeed version use the following stored procedure:
Step 2. Download
Download the latest LiteSpeed version from the support portal.
Step 3. Install
Upgrade LiteSpeed using the downloaded installer from Step 2.
Step 4. Verify
Check the newly installed LiteSpeed version using the stored procedure from Step1.