Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [eclipse-dev] Eclipse-Dev Jars: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
  • From: Karsten Thoms <karsten.thoms@xxxxxxxxxxx>
  • Date: Thu, 16 Dec 2021 07:55:57 +0000
  • Accept-language: de-DE, en-US
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LNwTNhBZEqqyXiLySKizc8aQAH8ePwKhUkLukzci4yw=; b=geVnTWST4DZs3ylZ6qbTGKMN8zGS6PIfy3QFVmX90HT3IR8nJbLf/tddJSKtAcxHh0ovrh8qKveJf7XDsNStKlOSxfMqpWGxplRCpQumiy1lO0LMTf2oHLV7L5xZhGY+MqcKuwVGyN1lfoDn9qjkfyd6S+0ibyxWbRzbMxFndOQML4USrcQ131aRyyHCHkIeq5zhDGMkbR7kjZ+C/pwpqBenXAdOkoD+KEgBJMN2ASbyP0na2Vp+1HTJLLgVNzG8O2z9rjmJOerMS15o2jJKWwzo2QQe1gv9TqRVI/S4YooxfFpgrejFQMgnfREoDAanzEXWN+LQgAD0sUgYmfS+HA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=Zo62DncMWRLD+pvFo67FvYc6lUZSYj5ctl+xIPjTMgRrFJ2/XOYLfSdaQ8GJpLzSgkX07jvXyNy2wdOYlH9PrmzZRs5HSh8uGN/ZFJKlsob2fgMNbSe6GxRX5F5IIVlCP5jWis2uWzDmENnXMcqH0QP+L5394hOQNeclTFMbdFBdDRpuaZ1LiRvoY3CLWSjyW3iNwmW4p6WLv85lf/ylbuhhVNjzWPnAb41Ad9xIOZtoOPUSjXg450A6PKaGmCncl/LWYY+PAllqg2nwEL3mbQ/ik3CblbFvr4Ol48AIzmFv7ahNu7jf3Sg6zi7BvJU75tVvRT+puxqarcUeLCffIQ==
  • Delivered-to: eclipse-dev@xxxxxxxxxxx
  • List-archive: <>
  • List-help: <>
  • List-subscribe: <>, <>
  • List-unsubscribe: <>, <>
  • Thread-index: AdfyS1ASj7sKvt9kRiK3kTS70DNfdAABwsAA
  • Thread-topic: [eclipse-dev] Eclipse-Dev Jars: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)

Dear Amit,

The mentioned jars are not affected. The main projects that you are referring to are
- Eclipselink

The 3rd party bundles (imxc, org.w3c*, don’t have a dependency on log4j2.

Best regards, 



Am 16.12.2021 um 08:05 schrieb Kumar, Amit (Noida) via eclipse-dev <eclipse-dev@xxxxxxxxxxx>:

Hi Team,
We are using Below jar provided by you. We want to ensure and know if it is impacted by “Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)”. If it’s impacted please let us know about the security recommendation. To know we are looking for following answer
org.eclipse.emf.common_2.4.0.v200902171115 2.4.0
org.eclipse.emf.ecore.xmi_2.4.1.v200902171115 2.4.1
org.eclipse.emf.ecore_2.4.2.v200902171115 2.4.2
org.eclipse.persistence.moxy-2.4.2 2.4.2
org.w3c.css.sac_1.3.0.v200805290154 1.3.0
chartengineapi chartengineapi
Are you using log4J?
If you are using log4j 1.x version, are you using JMSAppender class
if you are using log4j 2.x are , what is your security recommendation to fix the issue
Thanks and regards,
Amit Kumar
Tech Lead, Software Development Engineering
Financial & Risk Management Solutions
Mobile: +91-9990094588
Upcoming R&R: 
Helping Small Businesses Get Back2Business
Fiserv | Join Our Team | Twitter | LinkedIn | Facebook
FORTUNE World's Most Admired Companies®
2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021
© 2021 Fiserv Inc. or its affiliates. Fiserv is a registered trademark of Fiserv Inc. Privacy Notice
© 2021 Fortune Media IP Limited. Used under license. 
eclipse-dev mailing list
To unsubscribe from this list, visit

Back to the top