Re: [cross-project-issues-dev] [orbit-dev] log4j vulnerability in Eclipse: update to 2.16.0?

Here is the official request from Linux Tools for a respin for this one. Should I feel free to commit to simrel when done?

On Thu, Jan 13, 2022 at 11:36 AM Ed Merks <ed.merks@xxxxxxxxx> wrote:
FYI,

If https://bugs.eclipse.org/bugs/show_bug.cgi?id=578192 is fixed quickly
(in the next few hours) I will respin for that which will pick up
anything else that is contributed/committed between now and then.

Regards,
Ed

On 13.01.2022 09:39, Ed Merks wrote:
> The deadline for contributions is Wednesday evening.  I can hold off
> promotion if someone asks me to do that ahead of time, but once I get
> up on Thursday morning, I will promote what's there at that time as I
> have done today...
>
> I can respin if necessary, but this issue is not one that cropped up
> today nor last night so...
>
> Regards,
> Ed
>
>
> On 13.01.2022 09:31, Alexander Fedorov wrote:
>> Hello,
>>
>> Some hours ago I've found that Orbit still contributes the log4j
>> vulnerability to the SimRel.
>>
>> Thanks to Jonah, the situation is better, now we have updated Orbit
>> with log4j 2.15.0.
>>
>> But shouldn't we hold the train a bit to use the latest fix from Orbit
>> that provides log4j 2.17.1?
>>
>> Regards,
>> AF
>>
>> 12/18/2021 4:19 PM, Andrey Loskutov wrote:
>>> After update is before update...
>>>
>>> log4j has now 2.17.0.
>>> https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
>>>
>>>
>>> On 15 December 2021 12:03:21 CET, Alexander Fedorov
>>> <alexander.fedorov@xxxxxxxxxx> wrote:
>>>> Thank you, Andrey!
>>>>
>>>> Just merged https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188862
>>>> Will be working to provide Eclipse Passage 2.2.2 service release.
>>>>
>>>> Regards,
>>>> AF
>>>>
>>>> 12/15/2021 1:38 PM, Andrey Loskutov wrote:
>>>>> +1 from me.
>>>>> The hype is too big.
>>>>>
>>>>> Re-posting your message to collect more feedback regarding:
>>>>> should we replace 2.15.0 with 2.16.0 in Orbit?
>>>>>
>>>>> _______________________________________________
>>>>> cross-project-issues-dev mailing list
>>>>> cross-project-issues-dev@xxxxxxxxxxx
>>>>> To unsubscribe from this list, visit
>>>>> https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
>>>>>
>>> --
>>> Kind regards,
>>> Andrey Loskutov
>>>
>>> https://www.eclipse.org/user/aloskutov
>>> The rescue of the drowning is the work of the drowning themselves
>>>
>>


--
Aleksandar Kurtakov
Red Hat Eclipse Team
