Re: [orbit-dev] Eclipse Orbit Log4j Vulnerability Info

Hi Murugaiyan,

The Eclipse Orbit project should be treated like Maven Central. Hence, it is not secure. The old version will still be available for download in the archives. 

However, the Log4j version has been updated by volunteers to the latest available one. Thus, mitigation is available.

-Gunnar

-- 
Gunnar Wagenknecht
gunnar@xxxxxxxxxxxxxxx, http://guw.io/



On Jan 11, 2022, at 10:22, Deepthi Murugaiyan (MS/EMT5-XC) via orbit-dev <orbit-dev@xxxxxxxxxxx> wrote:

Hello Orbit Team,
 
I work for BOSCH Group and we mostly use the Eclipse Framework to construct applications.
 
In recent times, everyone globally has come to know that Apache Log4j contains a security vulnerability issue, and as a result all of the issues have a mitigation action.
 
We found that Eclipse has a vulnerability state list for most of the projects it has built. (https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228))
 
However, I was unable to locate any information regarding the Eclipse Orbit Project.
 
Could you please help us out by clarifying whether Eclipse Orbit is secure?
 
Thank you very much.
 
Mit freundlichen Grüßen / Best regards

Murugaiyan Deepthi
 

ES-CDG-Methods Tools (RBEI/EMT5)
Robert Bosch GmbH | Postfach 10 60 50 | 70049 Stuttgart | GERMANY | www.bosch.com
Tel. +91 422 619-1119 | Fax +91 422 663-4104 | Deepthi.Murugaiyan@xxxxxxxxxxxx


Registered Office: Stuttgart, Registration Court: Amtsgericht Stuttgart, HRB 14000;
Chairman of the Supervisory Board: Prof. Dr. Stefan Asenkerschbaumer; Managing Directors: Dr. Stefan Hartung, 
Dr. Christian Fischer, Filiz Albrecht, Dr. Markus Forschner, Dr. Markus Heyn, Rolf Najork 
