Re: [cross-project-issues-dev] log4j vulnerability in Eclipse?

So, yes, Eclipse 2021-12 is vulnerable as 2.0.0 < 2.8.2 < 2.14.1

On 2021-12-10 14:39, Ed Merks wrote:


You can see the versions of log4j in the 2021-12 release here:

These I think:

On 10.12.2021 20:11, Denis Roy wrote:

I guess I'm trying to determine if there are any versions of Eclipse, Jetty, jGit, etc. that are vulnerable.

For instance, we use Gerrit 3.2.7, which may contain a vulnerability.


On 2021-12-10 14:02, Matthew Khouzam via cross-project-issues-dev wrote:
It's for log4j2 between 2.0.0 and 2.14.1

From: cross-project-issues-dev <cross-project-issues-dev-bounces@xxxxxxxxxxx> on behalf of Denis Roy <denis.roy@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, December 10, 2021 1:46 PM
To: Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>
Subject: [cross-project-issues-dev] log4j vulnerability in Eclipse?

Hi Folks,

As you may be aware, an important vulnerability has been discovered in log4j.

If I recall, log4j is used in Eclipse components. Does anyone have a feel for our current state? Is 2021-12 affected?

