Does vulnerability in Apache Log4j library affect LMS or Max2Play?

Max2Play > Topics > apache, LMS, log4j, log4shell, max2play > Does vulnerability in Apache Log4j library affect LMS or Max2Play?

Tagged: apache, LMS, log4j, log4shell, max2play

This topic has 1 reply, 2 voices, and was last updated 2 years, 11 months ago by MarioM Moderator.

Viewing 2 posts - 1 through 2 (of 2 total)

Back to forum

Posted in: Max2Play Development (Ideas, Wishes)
Julz premium

12. Dezember 2021 at 15:09 #51840

I don’t know if this is the right forum for this topic, but seemd to fit the most.

My question is in the title, does the vulnerabilty due to the Apache Log4j library affect Logitech Media Server (LMS) or Max2Play?

The Raspberry Pis I use aren’t accessible from the internet, but as I understood that doesn’t matter. I’m not an expert though and just want to bring this to awareness to the people that might have an educated opinion on that.

Regarding the topic Log4j:
https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/
https://www.spiegel.de/netzwelt/web/bundesbehoerde-warnt-vor-schwachstelle-in-weit-verbreiteter-software-a-55bc413b-2e01-446c-8ee6-5fabfee3b0f2
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3
- This topic was modified 2 years, 11 months ago by Julz.
MarioM Moderator

14. Dezember 2021 at 15:05 #51843

Hi Julz,

The basic installation of Max2Play is not affected by Log4j. However, if packages are subsequently installed that run using Java (and thus usually also use Log4j), then it would theoretically be possible that there is a security risk, provided that the device and the service can be accessed via the Internet.

However, this is very unlikely – the most common targets will be popular programs among end users.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.