[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [cross-project-issues-dev] [orbit-dev] log4j vulnerability in Eclipse: update to 2.16.0?
|
The deadline for contributions is Wednesday evening. I can hold off
promotion if someone asks me to do that ahead of time, but once I get up
on Thursday morning, I will promote what's there at that time as I have
done today...
I can respin if necessary, but this issue is not one that cropped up
today nor last night so...
Regards,
Ed
On 13.01.2022 09:31, Alexander Fedorov wrote:
Hello,
Some hours ago I've found that Orbit still contributes the log4j
vulnerability to the SimRel
Thanks to Jonah, the situation is better, now we have updated Orbit
with log4j 2.15.0
But shouldn't we hold a train a bit to use the latest fix from Orbit
that provides log4j 2.17.1?
Regards,
AF
12/18/2021 4:19 PM, Andrey Loskutov пишет:
After update is before update...
log4j has now 2.17.0.
https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
Am 15. Dezember 2021 12:03:21 MEZ schrieb Alexander Fedorov
<alexander.fedorov@xxxxxxxxxx>:
Thank you, Andrey!
Just merged https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188862
Will be working to provide Eclipse Passage 2.2.2 service release.
Regards,
AF
12/15/2021 1:38 PM, Andrey Loskutov пишет:
+1 from me.
The hype is too big.
Re-posting your message to collect more feedback regarding:
should we replace 2.15.0 with 2.16.0 in Orbit?
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list,
visithttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
--
Kind regards,
Andrey Loskutov
https://www.eclipse.org/user/aloskutov
Спасение утопающих - дело рук самих утопающих
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev