Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orbit-dev] [cross-project-issues-dev] log4j vulnerability in Eclipse: update to 2.16.0?


Some hours ago I've found that Orbit still contributes the log4j vulnerability to the SimRel

Thanks to Jonah, the situation is better, now we have updated Orbit with log4j 2.15.0

But shouldn't we hold a train a bit to use the latest fix from Orbit that provides log4j 2.17.1?


12/18/2021 4:19 PM, Andrey Loskutov пишет:
After update is before update...

log4j has now 2.17.0.

Am 15. Dezember 2021 12:03:21 MEZ schrieb Alexander Fedorov <alexander.fedorov@xxxxxxxxxx>:
Thank you, Andrey!

Just merged
Will be working to provide Eclipse Passage 2.2.2 service release.


12/15/2021 1:38 PM, Andrey Loskutov пишет:
+1 from me.
The hype is too big.

Re-posting your message to collect more feedback regarding:
should we replace 2.15.0 with 2.16.0 in Orbit?

cross-project-issues-dev mailing list
To unsubscribe from this list, visit
Kind regards,
Andrey Loskutov
Спасение утопающих - дело рук самих утопающих

Back to the top