Log4j and log4j2 library vulnerability

@girish ah i didnt even notice bevause of all the 4j notices my eyes where too open

thx for looking at this anyway

@nebulon said in Cloudron.io 2FA Problem & LDAP Question:

To be clear, each Cloudron requires one subscription. We have had various ideas around how to team up multiple servers into one Cloudron, but that is not implemented, once that is done, we will adjust our pricing scheme to match this "node" system then.

For me its not even to "team up".

I tought about the idea to record the coachings and share it (yt) to marketize myself, my customers pages and cloudron aswell.
I still need to blur something but i just dont want to use my normal acc^^
But still be able to push/pull a install of my server to a customers server after i got him far enough to do it without destroying it (or "deleting" the internet)^^

@nebulon said in Cloudron.io 2FA Problem & LDAP Question:

Currently each Cloudron is fully self-contained, so they all have their own user directory.

Thats what i thought.

@nebulon said in Cloudron.io 2FA Problem & LDAP Question:

The next release will have both external LDAP and also a feature to expose the LDAP directory. That way one could sync up two Cloudrons, but that is not really the main focus for this feature.

Thats exactly what i need.

The idea is that i am hosting different services for persons i teach in different IT Basics. First of all i start by a few basics in different services, then they get their own (sub)domain and a cloudron account.
To get them caught, i give them access to one of my servers with a cloudron install and we set up some services that the person is interested in. Mostly they want to get own servers shortly after, but still with the extremely simple one-click setup of netcup / aswell as the ubuntu install wich is working great - most Basic-Users have a big fear to do such things alone.

Hey Cloudron Crew,

First Problem: I was trying to activate 2FA at my second cloudron account - since the username is not saved aswell, its overwritten the first accounts 2FA (root@digitegal.de). Now i cannot login at cloudron.io - also passwort reset did not work since the 2FA is still activated. Normally there are always rescue-codes to save - but realized you dont give that option with your 2FA implementation (wich is bad).

Can you help me by deactivating the 2FA?
-I also wrote a mail from the used email to support@cloudron.io

Second Problem: I am not sure how your Services work in detail - I do consider a subscription but because the external LDAP is only with Business options - i asking myself if i sub, then use two server with the same account - do i have to sub twice to get full functionality on both?

How abut internal LDAP in Detail? Is the internal Interface (at my.domain.xx) and its userpool connected to both Servers (one big userpool for all servers) or got each Server his own my.domain.xx interface and Userpool?

@jdaviescoates every time when u add a new domain, it also activates the outbound email relay.

Login to your my.domain.xx
Click at ur Username -> Email -> Status
If Status is RED -> Outbound
Check Settings (Standart=Built-IN SMTP Server)
If your Hoster is not listed:
-> create a email-adress somewhere (at your hoster to use ur domain)
-> set external SMTP Server of that email-adress + emailuser + pw
Info: you can use same email adress for all domains
Test: you can also set "disable" - but you should only use that for redirections, since most services need to send emails for account creation.

@nebulon I found log4j2 libary usage in kutt (urlshortener)

Standard config:

# ONLY NEEDED FOR MIGRATION !!1!
# Neo4j database credential details
NEO4J_DB_URI=bolt://localhost
NEO4J_DB_USERNAME=
NEO4J_DB_PASSWORD=

changed to this without errors:

# ONLY NEEDED FOR MIGRATION !!1!
# Neo4j database credential details
#NEO4J_DB_URI=bolt://localhost
#NEO4J_DB_USERNAME=neo4j
#NEO4J_DB_PASSWORD=BjEphmupAf1D5pDD

Is there anything else to do?
Is that even a issue?