Log4j - do we need to be concerned?

I’ve been asked by the head of our IT department if we need to have concerns around our websites and Log4j. All of my medical imaging websites are Rw/Foundation (1 or 6) - based, hosted on a DreamHost Dedicated Server and flow through Cloudflare. We long ago siloed off our patient-facing sites from any/all operational sites (i.e., sites that we ‘run our business’ on). Hoping someone who really knows (e.g., @dan, @joeworkman, @Isaiah, etc.,) can weigh in.

Bottom line: no.

If you just have a web hosting plan, no Java process will be executed there.

As you have a dedicated server, there could be Java processes running. Try searching on the server for log4j for a initial idea if the library is located on your server.

Still, this cannot be anything related to RW generated websites.

1 Like

Thank you Jannis. I only have Rw sites running on my Dedicated Server. I’ll search for log4j to see if DreamHost has the library on the server (they manage our server for us), but it’s reassuring to know that it cannot be anything related to RW generated websites. Cheers!

I don’t know, or understand, the details, but I do know my server guy ran an update yesterday to Apache on all my servers. I think this is related to log4j.

If it’s a Java process, this can be the case, yes.

log4j is a popular error logging module for the Java programming language. You should not be worried about this for anything related to RapidWeaver. I also highly doubt that any hosting company is using Java for your hosting. I guess it’s possible that they could use it for backend management apps. You could pin your host about that.

1 Like

Thanks again Jannis & Joe - DreamHost wrote back, and I quote: “By default we do not have the packages in question installed, however if customers deployed JAR files, that could be a potential risk.”

They double-checked: there was no issue with our Dedicated Server.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.