Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] log4j vulnerability in Eclipse?

Based on Twitter activity and "Is project X vulnerable" questions I see on the forums, I think the Gerrit folks are providing a great service to their users by issuing such a statement:

I'd encourage Eclipse projects, especially Glassfish, Jetty, jGit and such, to issue similar statements. Your users have questions marks over their heads right now.


On 2021-12-10 14:02, Matthew Khouzam via cross-project-issues-dev wrote:
It's for log4j2 between 2.0.0 and 2.14.1

From: cross-project-issues-dev <cross-project-issues-dev-bounces@xxxxxxxxxxx> on behalf of Denis Roy <denis.roy@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, December 10, 2021 1:46 PM
To: Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>
Subject: [cross-project-issues-dev] log4j vulnerability in Eclipse?

Hi Folks,

As you may be aware, an important vulnerability has been discovered in log4j

If I recall, log4j is used in Eclipse components.  Does anyone have a feel for our current state?  Is 2021-12 affected?


Back to the top