Log4J Vulnerabilities #4758

joshmurari · 2021-12-16T18:05:44Z

joshmurari
Dec 16, 2021

Hey everyone,

Based on the recent public reports of vulnerabilities regarding Log4j, is this something that impacts the windows, ubuntu, or mac OS images that are built here?

miketimofeev · 2021-12-16T18:15:05Z

miketimofeev
Dec 16, 2021

Hi @joshmurari!
We do not install log4j explicitly and have also inspected build logs and see no trace of log4j in any dependencies.

4 replies

joshmurari Dec 16, 2021
Author

Thanks for the response!

mthoger Dec 17, 2021

@miketimofeev Maven has log4j files, in the apaches logging paths.
isn't that a part of the hole deal ?

miketimofeev Dec 17, 2021

@mthoger it's just a cache that doesn't seem to be used anywhere. I have prepared the PR to clean up this directory just in case #4761

mthoger Dec 20, 2021

Thanks for the response!

spyder007 · 2021-12-20T16:06:13Z

spyder007
Dec 20, 2021

@miketimofeev, for your information, a newly provisioned machine (as of 12/18) has log4j in that same cache, but the version is now 2.16 (a build from Sept 29 had 2.11).

It would seem that potentially Maven/Apache has updated their packages as of last week.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Log4J Vulnerabilities #4758

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments 4 replies

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

Select a reply

Log4J Vulnerabilities #4758

joshmurari Dec 16, 2021

Replies: 2 comments · 4 replies

miketimofeev Dec 16, 2021

joshmurari Dec 16, 2021 Author

mthoger Dec 17, 2021

miketimofeev Dec 17, 2021

mthoger Dec 20, 2021

spyder007 Dec 20, 2021

joshmurari
Dec 16, 2021

Replies: 2 comments 4 replies

miketimofeev
Dec 16, 2021

joshmurari Dec 16, 2021
Author

spyder007
Dec 20, 2021