[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [orbit-dev] [cross-project-issues-dev] log4j vulnerability in Eclipse: update to 2.16.0?
|
Matthias already contributed 2.17.1 and it is available in the latest I build.
Hello,
Some hours ago I've found that Orbit still contributes the log4j
vulnerability to the SimRel
Thanks to Jonah, the situation is better, now we have updated Orbit with
log4j 2.15.0
But shouldn't we hold a train a bit to use the latest fix from Orbit
that provides log4j 2.17.1?
Regards,
AF
12/18/2021 4:19 PM, Andrey Loskutov пишет:
> After update is before update...
>
> log4j has now 2.17.0.
> https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
>
>
> Am 15. Dezember 2021 12:03:21 MEZ schrieb Alexander Fedorov <alexander.fedorov@xxxxxxxxxx>:
>> Thank you, Andrey!
>>
>> Just merged https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188862
>> Will be working to provide Eclipse Passage 2.2.2 service release.
>>
>> Regards,
>> AF
>>
>> 12/15/2021 1:38 PM, Andrey Loskutov пишет:
>>> +1 from me.
>>> The hype is too big.
>>>
>>> Re-posting your message to collect more feedback regarding:
>>> should we replace 2.15.0 with 2.16.0 in Orbit?
>>>
>>> _______________________________________________
>>> cross-project-issues-dev mailing list
>>> cross-project-issues-dev@xxxxxxxxxxx
>>> To unsubscribe from this list, visithttps://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
> --
> Kind regards,
> Andrey Loskutov
>
> https://www.eclipse.org/user/aloskutov
> Спасение утопающих - дело рук самих утопающих
>
_______________________________________________
orbit-dev mailing list
orbit-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/orbit-dev
