High application-related Log4j vulnerability
Posted: Tue Nov 04, 2025 4:47 am
We have identified a high application-related Log4j vulnerability during a recent scan of our Linux servers. Notably, the Nagios Syslog application (version 2.0.8) is hosted on the same affected server.
Before we proceed with updating the application from version 1.2.17 to the latest release, we would like to confirm:
Will this upgrade have any impact on the Syslog application, particularly in terms of compatibility or logging behavior?
Does the latest version address or mitigate any known Log4j vulnerabilities?
Your input will be crucial in helping us plan the upgrade while ensuring system stability and security.
Looking forward to your guidance.
Path : /usr/local/nagioslogserver/elasticsearch/lib/log4j-1.2.17.jar
Installed version : 1.2.17
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years
Before we proceed with updating the application from version 1.2.17 to the latest release, we would like to confirm:
Will this upgrade have any impact on the Syslog application, particularly in terms of compatibility or logging behavior?
Does the latest version address or mitigate any known Log4j vulnerabilities?
Your input will be crucial in helping us plan the upgrade while ensuring system stability and security.
Looking forward to your guidance.
Path : /usr/local/nagioslogserver/elasticsearch/lib/log4j-1.2.17.jar
Installed version : 1.2.17
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years