Is Apache Log4j configured for Bitnami Wordpress

Any updates here from Apache or Bitnami?

Hey, have you found any further info on this package?

Hello. I’m a user of LAMP PHP 7 LightSail VM on AWS and I would also like to know this.

We’re also using Bitnami LAMP on AWS Lightsail, but have Ubuntu 16.04 and are not receiving OS updates. So it’s important to know if this Bitnami is vulnerable to Log4j. Thanks!

Hi, we use Bitnami LAMP, Bitnami WordPress and Bitnami WordPress Multisite on Amazon AWS Lightsail instances. The IT team of one of our major clients advised us that they found the log4j issue inside our WP multisite instance. So the Bitnami installation seems to be vulnerable to log4j. How do we apply the permanent remediation?
Thanks in advance

What you found is not “log4j” but instead “log4js”. The name of the framework is quite similar but it is not the same tool.

I would cautiously guess that this finding has nothing to do with the current problem, but would be grateful for confirmation, as this is not necessarily my area of expertise.


But is log4j used by default on the WordPress Bitnami stack?

Hi all,

The Bitnami WordPress, WordPress Multisite and LAMP solutions are built on top of PHP and do not include Java, which is necessary to run log4j. We can confirm that we are not shipping this vulnerable component in these solutions by default.

As @Jens_Hartmann mentioned, the references to the log4js library inside the nami folder refer to the log4js npm package that is not related to the log4j component. You can find more information here:

Thanks for using this forum and let us know if you have any other questions.
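
The distinction drawn in the reply above, as an added example that is not part of the original post or Bitnami's tooling: a Python check that walks a directory tree and reports Java archives containing log4j-core's `JndiLookup` class separately from `log4js` npm packages. The sample tree layout and file names are constructed for illustration; a hit on `log4j_core` shows the library is present, and its version still has to be checked.

```python
import io, json, os, tempfile, zipfile

# Class shipped inside log4j-core; its presence means log4j-core is bundled.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def archive_has_log4j_core(fileobj, depth=3):
    """True if a Java archive, or an archive nested inside it, carries JndiLookup."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name == JNDI_CLASS or name.endswith("/" + JNDI_CLASS):
                    return True
                if depth and name.lower().endswith(ARCHIVE_EXT):
                    if archive_has_log4j_core(io.BytesIO(zf.read(name)), depth - 1):
                        return True
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # unreadable, encrypted or not a zip: nothing to report
    return False

def scan(root):
    """Walk root and separate Java log4j-core archives from log4js npm packages."""
    found = {"log4j_core": [], "log4js_npm": []}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files:
            try:
                with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                    if json.load(fh).get("name") == "log4js":
                        found["log4js_npm"].append(dirpath)  # Node.js logger, not Java
            except (OSError, ValueError, AttributeError):
                pass  # unreadable or malformed package.json
        for fn in files:
            path = os.path.join(dirpath, fn)
            if fn.lower().endswith(ARCHIVE_EXT) and archive_has_log4j_core(path):
                found["log4j_core"].append(path)
    return found

def build_sample_tree(root):
    """Constructed sample: one log4js npm package and one jar with a JndiLookup entry."""
    npm = os.path.join(root, "nami", "node_modules", "log4js")
    os.makedirs(npm)
    with open(os.path.join(npm, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "log4js"}, fh)
    os.makedirs(os.path.join(root, "java"))
    with zipfile.ZipFile(os.path.join(root, "java", "sample-app.jar"), "w") as zf:
        zf.writestr(JNDI_CLASS, b"")  # empty placeholder entry, not a real class

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

On a real instance, call `scan()` on the stack's installation directory; a result with entries only under `log4js_npm` matches the situation described in this thread.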


Thanks @jota, I think this information is reassuring for all of us!

Hi jota,

Is this also the case for Bitnami WAMP?

Thank you so much @jota :grin:

Thanks for confirming @jota !

Hi @briggaman,

WAMP does not include Log4j (it does not include Java either) so it’s safe to use.

How about WordPress with NGINX and SSL Certified by Bitnami and Automattic?

Hi @bartjan,

Same for that solution. We do not include Elasticsearch there and no Log4j library is included either.

Thanks for the confirmation @jota!

We are using TestLink software for QA teams. Does TestLink use Log4j?

Hi @ashifahmed89,

TestLink is a PHP application and does not include Java or any Java library, so it’s safe to use. However, you can ask the app’s developers to know if they are using the affected library somehow.
