WLSDM for WebLogic
Published in

WLSDM for WebLogic

WLSDM & WL-OPC products are using JDK’s java.util.logging.Logger

Our products WLSDM and WL-OPC are not affected from Apache Log4j Security Vulnerabilities (CVE-2021–44228).

WLSDM and Logger Framework.

We are not using any log4j library. Also, our security layer is protected by default Oracle WebLogic security layer just as WebLogic Administrator console. Oracle WebLogic is not using Apache Log4j by default settings. Default “Oracle WebLogic Logging Service” is JDK. But, log4j is also another option for Oracle WebLogic Logging Service infrastructure. If you have changed this configuration as Log4j you need to take action. Oracle published official support link for “CVE-2021–44228” security bug.

Security Alert CVE-2021–44228 / CVE-2021–45046 Patch Availability Document for Oracle Fusion Middleware (Doc ID 2827793.1)

From Oracle Document: “Apache Log4j version 2 is not used in default Oracle WebLogic Server installations or configurations. However, the Oracle WebLogic Server home contains vulnerable Log4j version 2 jars.”

Here is the development report from our Software Architect, Mustafa Şensoy.

WLSDM Logger Strategy: WLSDM is not affected by Apache Log4j2 security vulnerabilities because our products WLSDM and WL-OPC use the “java.util.logging.Logger” as the logger.

Mustafa SENSOY
WLSDM/WL-OPC Software Architect
Do or do not there is no try!

WL-OPC’s SpringBoot infrastructure and package is shipped with vulnerable log4j2 jar library. WL-OPC is also not using log4j2 framework, too. Here is the SpringBoot official post: Log4J2 Vulnerability and Spring Boot

Fevzi Korkutata
CTO @ Volthread | Product Manager | Oracle ACE





Native Oracle WebLogic Monitoring WLSDM is developed by the best WebLogic developers for the best WebLogic administrators to support mission critical HA domains. Supports all plain WebLogic and Fusion Middleware (FMW) WebLogic domains. Download now! https://wlsdm.com/download

Recommended from Medium

{UPDATE} Go Classic Chinese Game Hack Free Resources Generator

Advance Automated Standalone Phishing Tool

How Do I Know If I’m Being Scammed?

{UPDATE} Galaxy on Fire 3 Hack Free Resources Generator

Optimizing your resilience against Log4Shell


BNBelieving in the DRIP Reservoir

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
M. Fevzi Korkutata

M. Fevzi Korkutata

CTO | Man in the middleware.. Solves very large scale software Dev and Ops performance problems with a few chess move!

More from Medium

Keeping an Audience in an Age of Shrinking Attention Spans

Looking up cinema stairs at the seats.

Security on chip: hardware as root of trust(Part 1 — Foundation)

The building blocks of literacy: Assessing short sounds with speech technology for kids

Technology: An Invasion of Privacy