Container affected by Log4j exploit?


does anyone know if Containers use log4j and might be affected by the circulating exploits?

I’m currently using SWAG and Nextcloud with NGINX, but I’ve disabled outside network access while clarifying this issue.

Thanks for any info!

Best regards

The containers that use java may be affected by this exploit. The only one to our knowledge is Unifi and we released a patch for that image last night.

1 Like

Ok, thanks for the info.

For anyone interested: I did some research, had a look at the nginx access log and came upon some calls. This was also helpful.

I created following jail for fail2ban to directly block these calls:

failregex=^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"\$\{jndi:(ldap[s]?|rmi|dns)://?.*"$
ignoreregex =

Might be useful for anyone using SWAG with Fail2Ban or just plain Fail2Ban

Is there any possibility to mitigate this attack on unifi-controller 6.0.45?
This is the last controller version that supports the AP’s I am running because Ubiquiti decided these are EOL and not supported any more in the newer controller versions.
It should be possible to modify the image and pass ‐Dlog4j2.formatMsgNoLookups=true as a parameter to the JVM?

Here’s our mitigation: CVE-2021-44228 by TheSpad · Pull Request #106 · linuxserver/docker-unifi-controller · GitHub

You can apply it with: Customizing our Containers |

1 Like

Wow. That was extremely easy. I just created a shell script in /config/custom-cont-init.d/ which modifies the line using sed.

sed -i 's/-Xmx"${MEM_LIMIT}" -jar \/usr\/lib\/unifi\/lib\/ace.jar/-Xmx"${MEM_LIMIT}" -Dlog4j2.formatMsgNoLookups=true -jar \/usr\/lib\/unifi\/lib\/ace.jar/' /etc/services.d/unifi/run

Thank you.

Glad to hear it worked

Has Calibre-web been evaluated?

Have we considered integrating the ModSecurity WAF into SWAG?

SpiderLabs/ModSecurity-nginx: ModSecurity v3 Nginx Connector (

Mitigating the log4j Vulnerability (CVE-2021-44228) with NGINX - NGINX

All relevant info is here log4j Vulnerability | Info ::

No plans at this point to add modsecurity to the swag container. (Not that I think we can because I can’t seem to find an alpine package for it)

1 Like

Ubooquity’s developer states that it does not use log4j.