Document toolboxDocument toolbox

Devo Relay - Security FAQ

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: Oct 02, 2023 by Borja Moro Moreno
1 min read

Log4j

Devo Relay v2.0.X includes a non-required log4j library in the installation package that has been removed in v2.1.0. We recommend upgrading to the last version.

In case you want to remove it without upgrading to the last version, follow the indicated procedure:

For Devo Relay v2.0.X

$ sudo rm /opt/devo/ng-relay/lib/log4j-1.2.17.jar $ sudo systemctl restart devo-ng-relay.service

For Devo Relay v1.4.2

$ sudo rm /opt/devo/scoja-server/lib/log4j-1.2.17.jar $ sudo /etc/init.d/devo-scoja-relay stop $ sudo /etc/init.d/devo-scoja-relay start

Spring4Shell

Devo Relay relies on the Spring library, but it does not use Spring MVC or Spring WebFlux so it's not impacted by the Spring4Shell vulnerability.