[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [orbit-dev] [cross-project-issues-dev] log4j vulnerability in Eclipse?
|
Thanks Matthias!
Do we plan to have a service release for Eclipse Orbit to let other
projects consume this dependency from the trusted source?
Regards,
AF
12/11/2021 10:48 PM, Gunnar Wagenknecht
пишет:
Thanks Matthias!
According to Wayne, 2.15 has already been vetted and
is good for use:
-Gunnar
Alexander,
It would be great to learn
vulnerability clean-up process with
Eclipse Orbit team to then apply it to
Eclipse Passage.
There is no Orbit team. Orbit is
driven by project committers using/needing
libraries in Orbit.
I encourage the Eclipse Passage
project to submit a Gerrit review for a newer
version.
considering the buzz around this
vulnerability I went ahead and pushed an update to
log4j 2.15 for orbit
note that the required
clearlydefined score isn't reached yet, if this
doesn't change soon
maybe someone can contribute the missing
information to clearlydefined or
we file CQs to get the license approval
for the new version
You can also try a new way as
described by Mickael here:
-Gunnar
_______________________________________________
orbit-dev mailing list
orbit-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________
orbit-dev mailing list
orbit-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev