Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] log4j vulnerability in Eclipse?

On Fri, Dec 10, 2021 at 8:12 PM Denis Roy <denis.roy@xxxxxxxxxxxxxxxxxxxxxx> wrote:

I guess I'm trying to determine if there are any versions of Eclipse, Jetty, jGit, etc that are vulnerable.

Eclipse Platform, and its transitive deps (including some parts of Jetty), do not require nor ship log4j.
EGit does include log4j 1.2.15 as optional requirement; so it seems safe.
Wild Web Developer, and its transitive deps (including LSP4E, LSP4J, some parts of EGit...), do not require nor ship log4j.
m2e, and its transitive deps, do not require not ship log4j

Back to the top