Not sure why Wowza is behind the 8 ball. The log4j library needs to be replaced ASAP. Or make a config change in its config. I see no server update about it yet. The API is stable so should be hot swappable.
The engineers worked incredibly hard and long hours to address both CVE ISSUES, including the new one that was just discovered. Please keep a respectful tone in this community. This has been a very dynamic situation affecting companies all around the world.
Testing has to ensure all of our customers with advanced custom configurations can patch as well.
The official Wowza fix for both CVE issues has been announced. Please use the main post for this issue so forum visitors can quickly find the solution for this.
I was giving a notice. Not sure what you mean about respectful. Hot swapping the log4j jar should be enough. Into the lib directory.
Hi Rose,
Could you please suggest the mitigation steps to fix this log4j vulnerabilities;
we have wowza streaming engine 4.7.7 and wowza streaming engine manger 4.7.7 installed in production and i can see log4j 1.2.17 .jar file n lib folder, could you please suggest the mitigation steps to fix this log4j vulnerabilities
(Could you please suggest the mitigation steps to fix this log4j vulnerabilities)