Any update for the overall corona-warn-app project regarding log4j / log4shell? #1654
-
|
Can anybody give an update regarding the log4j / log4shell vulnerabilty of any of the corona-warn-app software parts? Is any of the project parts affected? If affected at all, are the required updates are already in place and are the servers updated? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
There is a FAQ entry regarding this: Statement regarding the log4j vulnerability. It says that log4j was updated to version 2.16.0 & you can take a look at the merged PRs in this repo to confirm that this actually happened. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the quick reply |
Beta Was this translation helpful? Give feedback.
-
|
@Discussion-008 Thanks for participating here. If you are satisfied for now, please, close the issue. Of course, if there are any further questions, suggestions, reports, etc open an issue in the corresponding repository. Corona-Warn-App Open Source Team |
Beta Was this translation helpful? Give feedback.
-
|
@dsarkar Can discussions be "closed"? I think marking them as answered is all you can do, if I'm not mistaken. |
Beta Was this translation helpful? Give feedback.
Hi @Discussion-008
There is a FAQ entry regarding this: Statement regarding the log4j vulnerability.
It says that log4j was updated to version 2.16.0 & you can take a look at the merged PRs in this repo to confirm that this actually happened.