Improve clarity of the blog post about Log4j2 (apache#13446)

nahguam · Dec 22, 2021 · 2a2210d · 2a2210d
1 parent 3316db5
commit 2a2210d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/site2/website/blog/2021-12-11-Log4j-CVE.md b/site2/website/blog/2021-12-11-Log4j-CVE.md
@@ -8,9 +8,10 @@ allow remote execution for attackers.
 
 The vulnerability issue is described and tracked under [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228).
 
-Current releases of Apache Pulsar are bundling Log4j2 versions that are
-affected by this vulnerability. We strongly recommend to follow the advisory of the
-Apache Log4j community and patch your systems as soon as possible.
+Current releases of Apache Pulsar are bundling Log4j2 versions that are affected by this vulnerability.
+Default configuration, combined with JVM version and other factors, can render it exploitable.
+We strongly recommend to follow the advisory of the Apache Log4j community and patch your systems 
+as soon as possible, as well as looking for unexpected behavior in your Pulsar logs.
 
 There are 2 workarounds to patch a Pulsar deployments. You can set either of: