Log4j is making SocketServer class vulnerable. Do I need to remove my SocketServer class file?

Asked 2 years ago

Hi, I'm implementing Log4j and scanned for vulnerability. It's just my luck that it turns out that it's making my SocketServer class vulnerable to deserialization of untrusted data and I'm not sure how to resolve it. I tried looking for fixed 1.x versions , but there don't seem to be any? I could try to patch it, but that would mean that I have to remove the SocketServer class file. Not so?

Log4j Vulnerability Deserialization Secure coding

Write an answer...﻿

Cancel

Please follow our Community Guidelines

Log4j is making SocketServer class vulnerable. Do I need to remove my SocketServer class file?

Related Posts

Why is a JavaScript call unsafe if it's used to introduce valid JavaScript into the DOM?

What is the difference between an X-CSRF-TOKEN and X-XSRF-TOKEN?

Can't find what you're looking for?