Eclipse Community Forums: Newcomers » Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228

Home » Newcomers » Newcomers » Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 (Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228)

Show: Today's Messages :: Show Polls :: Message Navigator

Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 [message #1848646 is a reply to message #1848645]

Sun, 12 December 2021 07:21

Ed Merks

Messages: 33251
Registered: July 2009

Senior Member

You can follow this thread for ongoing discussions:

https://www.eclipse.org/lists/cross-project-issues-dev/msg18752.html

The short answer is not to confuse the bundle org.apache.log4j with the bundle org.apache.logging.logj4. The problem is specifically in the latter not the former, and the latter, in the latest release, is used only by org.eclipse.passage.*, so if you don't have that installed you won't have the problematic bundle installed. Note too that it's also not clear that even if you did install passage that it logs content that can be subverted externally.

Using Help -> About -> Installation Details -> Plug-ins and typing org.apache.logging.logj4 in the filter field, you can confirm that you don't have this problematic bundle installed for whatever (older) version of Eclipse you are using...

Ed Merks
Professional Support: https://www.macromodeling.com/

Report message to a moderator

[Message index]

		Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Santosh Kumar on Sun, 12 December 2021 05:48
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Ed Merks on Sun, 12 December 2021 07:21
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Santosh Kumar on Mon, 13 December 2021 14:21
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Ed Merks on Mon, 13 December 2021 15:54
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Santosh Kumar on Mon, 13 December 2021 16:41
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: philipp huebner on Thu, 16 December 2021 13:38
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Ed Merks on Thu, 16 December 2021 14:02
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: philipp huebner on Tue, 21 December 2021 09:48
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Ed Merks on Tue, 21 December 2021 11:45
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: philipp huebner on Wed, 02 February 2022 11:04
		Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 By: Ed Merks on Wed, 02 February 2022 13:18

Previous Topic:	Paho_MQTTSN
Next Topic:	Problem with Papyrus Installer

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Nov 03 06:02:00 GMT 2024

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter