Originally posted by slartibartfast01 If I do a search for "log4j" and nothing is found am I right to think I am safe?
Search for log4j*.* or log4j*.jar - and make sure you begin the search from the root directory, including all sub-directories, and with supervisor rights. Do this for all user accounts on your PC. If no matching files are found, you should be fine... However, if you add the environment variable described above in the manner I detailed, then even if you
do have log4j on your machine, this will close the vulnerability - at least for versions 2.10 onwards (current full release version is 2.14, I think, with a new 2.15 in beta to address this very problem). I'd recommend adding the environment variable regardless of whether you find any matching files. Belt and braces, so to speak