|Re: [cross-project-issues-dev] log4j vulnerability in Eclipse?|
You can see the versions of log4j in the 2021-12 release here:
These I think:
I guess I'm trying to determine if there are any versions of Eclipse, Jetty, jGit, etc that are vulnerable.
For instance, we use Gerrit 3.2.7, which may contain a vulnerability.
On 2021-12-10 14:02, Matthew Khouzam via cross-project-issues-dev wrote:
nvd.nist.govIt's for log4j2 between 2.0.0 and 2.14.1
From: cross-project-issues-dev <cross-project-issues-dev-bounces@xxxxxxxxxxx> on behalf of Denis Roy <denis.roy@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, December 10, 2021 1:46 PM
To: Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>
Subject: [cross-project-issues-dev] log4j vulnerability in Eclipse?
As you may be aware, an important vulnerability has been discovered in log4j
If I recall, log4j is used in Eclipse components. Does anyone have a feel for our current state? Is 2021-12 affected?
_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
Back to the top