➧Log4j Vulnerability Update • Softbranchdevelopers

Log4j is a Java library by Apache used to log debug messages within applications. It’s recently been featured in news outlets around the world due to a vulnerability (known as Log4Shell) that was discovered allowing remote code execution using a specific string.

### Laravel Forge

[Laravel Forge](https://forge.laravel.com) does not install Log4j by default. Furthermore, Forge does not install any applications known to use Log4j.

The vast majority of servers provisioned by Forge will not be vulnerable; however, if you have manually installed applications such as ElasticSearch your server may be affected.

To check if your server is affected, you can use a script such as [`log4j_checker_beta`](https://github.com/rubo77/log4j_checker_beta).

### Laravel Vapor

[Laravel Vapor](https://vapor.laravel.com) does not install or use Log4j in both the native or Docker runtimes. However, if you have manually installed libraries, use custom layers, or customize your `Dockerfile`, it is possible that Log4j has been installed due to those modifications.

You should check your environment for vulnerability and take action if necessary.

The post Log4j Vulnerability Update appeared first on Phpblogs.