Matthias provided an update. I just merged it. :)
-Gunnar
Hi,
Gunnar is right that Eclipse Orbit is a repository to consume artifacts. The question should be "does Eclipse Orbit contain the latest secure Log4j 2 version"?
According to the latest news on that topic the answer is actually no. The latest integration build contains 2.17.0. But that version still contains a vulnerability which is fixed via 2.17.1.
So another update of Orbit is necessary if you suffer from the vulnerability. Can't tell if this is already in process.
Greez, Dirk Hi Murugaiyan,
The Eclipse Orbit project should be treated like Maven Central. Hence, it is not secure. The old version will still be available for download in the archives.
However, the Log4J version has been updated by volunteers to the latest available one. Thus, mitigation is available.
-Gunnar
Hello Orbit Team, I work for BOSCH Group and we mostly use the Eclipse Framework to construct applications. In the recent times globally everyone knew about the Apache Log4j contains some Security Vulnerability issue and as a result all of the issues have a mitigation action. However, I was unable to locate any information regarding the Eclipse Orbit Project. Could you please help us out in clarifying whether Eclipse Orbit is secure ? Thank you very much. Mit freundlichen Grüßen / Best regards
Murugaiyan Deepthi
ES-CDG-Methods Tools (RBEI/EMT5) Robert Bosch GmbH | Postfach 10 60 50 | 70049 Stuttgart | GERMANY | www.bosch.com Tel. +91 422 619-1119 | Fax +91 422 663-4104 | Deepthi.Murugaiyan@xxxxxxxxxxxx
Registered Office: Stuttgart, Registration Court: Amtsgericht Stuttgart, HRB 14000; Chairman of the Supervisory Board: Prof. Dr. Stefan Asenkerschbaumer; Managing Directors: Dr. Stefan Hartung, Dr. Christian Fischer, Filiz Albrecht, Dr. Markus Forschner, Dr. Markus Heyn, Rolf Najork _______________________________________________orbit-dev mailing listorbit-dev@xxxxxxxxxxxTo unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
_______________________________________________
orbit-dev mailing list
orbit-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
_______________________________________________ orbit-dev mailing list orbit-dev@xxxxxxxxxxxTo unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
|