|Re: [cross-project-issues-dev] [orbit-dev] log4j vulnerability in Eclipse?|
According to Wayne, 2.15 has already been vetted and is good for use:
On Dec 11, 2021, at 20:36, Matthias Sohn <matthias.sohn@xxxxxxxxx> wrote:
_______________________________________________On Sat, Dec 11, 2021 at 11:35 AM Gunnar Wagenknecht <gunnar@xxxxxxxxxxxxxxx> wrote:
On Dec 11, 2021, at 10:16, Alexander Fedorov <alexander.fedorov@xxxxxxxxxx> wrote:It would be great to learn vulnerability clean-up process with Eclipse Orbit team to then apply it to Eclipse Passage.
There is no Orbit team. Orbit is driven by project committers using/needing libraries in Orbit.I encourage the Eclipse Passage project to submit a Gerrit review for a newer version.
considering the buzz around this vulnerability I went ahead and pushed an update to log4j 2.15 for orbitnote that the required clearlydefined score isn't reached yet, if this doesn't change soonmaybe someone can contribute the missing information to clearlydefined orwe file CQs to get the license approval for the new version_______________________________________________You can also try a new way as described by Mickael here:
orbit-dev mailing list
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
cross-project-issues-dev mailing list
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________ orbit-dev mailing list orbit-dev@xxxxxxxxxxx To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
Back to the top