|Re: [cross-project-issues-dev] [orbit-dev] log4j vulnerability in Eclipse: update to 2.16.0?|
FYI,If https://bugs.eclipse.org/bugs/show_bug.cgi?id=578192 is fixed quickly (in the next few hours) I will respin for that which will pick up anything else that is contributed/committed between now and then.
Regards, Ed On 13.01.2022 09:39, Ed Merks wrote:
The deadline for contributions is Wednesday evening. I can hold off promotion if someone asks me to do that ahead of time, but once I get up on Thursday morning, I will promote what's there at that time as I have done today...I can respin if necessary, but this issue is not one that cropped up today nor last night so...Regards, Ed On 13.01.2022 09:31, Alexander Fedorov wrote:Hello,Some hours ago I've found that Orbit still contributes the log4j vulnerability to the SimRelThanks to Jonah, the situation is better, now we have updated Orbit with log4j 2.15.0But shouldn't we hold a train a bit to use the latest fix from Orbit that provides log4j 2.17.1?Regards, AF 12/18/2021 4:19 PM, Andrey Loskutov пишет:After update is before update... log4j has now 2.17.0. https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105Am 15. Dezember 2021 12:03:21 MEZ schrieb Alexander Fedorov <alexander.fedorov@xxxxxxxxxx>:Thank you, Andrey! Just merged https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188862 Will be working to provide Eclipse Passage 2.2.2 service release. Regards, AF 12/15/2021 1:38 PM, Andrey Loskutov пишет:+1 from me. The hype is too big. Re-posting your message to collect more feedback regarding: should we replace 2.15.0 with 2.16.0 in Orbit? _______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@xxxxxxxxxxxTo unsubscribe from this list, visithttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev-- Kind regards, Andrey Loskutov https://www.eclipse.org/user/aloskutov Спасение утопающих - дело рук самих утопающих_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@xxxxxxxxxxxTo unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
Back to the top