Hello,
Is Phoca Gallery for Joomla vulnerable to the Log4j exploit?
thanks,
JC
Log4j, wjhk.jupload.jar
-
Jan
- Phoca Hero
- Posts: 49138
- Joined: 10 Nov 2007, 18:23
- Location: Czech Republic
- Contact:
Re: Log4j, wjhk.jupload.jar
Hi,
Log4j is a part of Apache server.
The Java upload feauture which was a part of Phoca Gallery worked on PC (where it resized the images before upload), it was not working on server but on users's PC (and there were plenty of security limits to run it). In fact, because of security limits it is not used anymore (PC just didn't run it without many exceptions done). Since version 4.5 the file is even not a part of Phoca Gallery.
Jan
Log4j is a part of Apache server.
The Java upload feauture which was a part of Phoca Gallery worked on PC (where it resized the images before upload), it was not working on server but on users's PC (and there were plenty of security limits to run it). In fact, because of security limits it is not used anymore (PC just didn't run it without many exceptions done). Since version 4.5 the file is even not a part of Phoca Gallery.
Jan
If you find Phoca extensions useful, please support the project