最近Apache Log4j2出现了“核弹级”漏洞,其中针对jdk8以上的修复方案常见为,将log4j-core升级为2.15.0版本;
升级后应用出现:: EMPTY_BYTE_ARRAY报错,具体堆栈信息如下
: EMPTY_BYTE_ARRAY
at ..<clinit>(:56)
at ..<init>(:46)
at .$(:768)
at .Log4J2Appender.<clinit>(:46)
at (:318)
at .<init>(:95)
at (:142)
at (:281)
at .<init>(:110)
at (:4554)
at (:5197)
at (:183)
at $(:1412)
at $(:1402)
at (:266)
at (:1149)
at $(:624)
at (:748)
18:31:09.706 ERROR [ost-startStop-1][] - One or more Filters failed
后面将log4j-api同步升级后,未出现该ERROR报错
- 建议log4j2修复漏洞方案为,同时升级log4j-core和log4j-api
<dependency>
<groupId>.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.15.0</version>
</dependency>
<dependency>
<groupId>.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.15.0</version>
</dependency>