WLSDM & WL-OPC products are using JDK’s java.util.logging.Logger

M. Fevzi Korkutata
Dec 16, 2021 · 2 min read

Our products WLSDM and WL-OPC are not affected from Apache Log4j Security Vulnerabilities (CVE-2021–44228).

WLSDM and Logger Framework.

We are not using any log4j library. Also, our security layer is protected by default Oracle WebLogic security layer just as WebLogic Administrator console. Oracle WebLogic is not using Apache Log4j by default settings. Default “Oracle WebLogic Logging Service” is JDK. But, log4j is also another option for Oracle WebLogic Logging Service infrastructure. If you have changed this configuration as Log4j you need to take action. Oracle published official support link for “CVE-2021–44228” security bug.

Security Alert CVE-2021–44228 / CVE-2021–45046 Patch Availability Document for Oracle Fusion Middleware (Doc ID 2827793.1)

From Oracle Document: “Apache Log4j version 2 is not used in default Oracle WebLogic Server installations or configurations. However, the Oracle WebLogic Server home contains vulnerable Log4j version 2 jars.”

Here is the development report from our Software Architect, Mustafa Şensoy.

LSDM Logger Strategy: WLSDM is not affected by Apache Log4j2 security vulnerabilities because our products WLSDM and WL-OPC use the “java.util.logging.Logger” as the logger.

Mustafa SENSOY
WLSDM/WL-OPC Software Architect
Do or do not there is no try!

WL-OPC’s SpringBoot infrastructure and package is shipped with vulnerable log4j2 jar library. WL-OPC is also not using log4j2 framework, too. Here is the SpringBoot official post: Log4J2 Vulnerability and Spring Boot

Fevzi Korkutata
CTO @ Volthread | Product Manager | Oracle ACE
https://linkedin.com/in/mfevzikorkutata

https://wlsdm.com/download

WLSDM for WebLogic

WLSDM is a WebLogic console extension which enables…

WLSDM for WebLogic

Native Oracle WebLogic Monitoring WLSDM is developed by the best WebLogic developers for the best WebLogic administrators to support mission critical HA domains. Supports all plain WebLogic and Fusion Middleware (FMW) WebLogic domains. Download now! https://wlsdm.com/download

M. Fevzi Korkutata

Written by

CTO | Man in the middleware.. Solves very large scale software Dev and Ops performance problems with a few chess move!

WLSDM for WebLogic

Native Oracle WebLogic Monitoring WLSDM is developed by the best WebLogic developers for the best WebLogic administrators to support mission critical HA domains. Supports all plain WebLogic and Fusion Middleware (FMW) WebLogic domains. Download now! https://wlsdm.com/download