Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 (Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228)
Re: Is org.apache.log4j_1.2.15 impacted by critical CVE-2021-44228 [message #1848646 is a reply to message #1848645] Sun, 12 December 2021 07:21 Go to previous messageGo to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 33257
Registered: July 2009
Senior Member
You can follow this thread for ongoing discussions:

https://www.eclipse.org/lists/cross-project-issues-dev/msg18752.html

The short answer is not to confuse the bundle org.apache.log4j with the bundle org.apache.logging.logj4. The problem is specifically in the latter not the former, and the latter, in the latest release, is used only by org.eclipse.passage.*, so if you don't have that installed you won't have the problematic bundle installed. Note too that it's also not clear that even if you did install passage that it logs content that can be subverted externally.

Using Help -> About -> Installation Details -> Plug-ins and typing org.apache.logging.logj4 in the filter field, you can confirm that you don't have this problematic bundle installed for whatever (older) version of Eclipse you are using...


Ed Merks
Professional Support: https://www.macromodeling.com/
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic:Paho_MQTTSN
Next Topic:Problem with Papyrus Installer
Goto Forum:
  


Current Time: Mon Dec 02 15:50:56 GMT 2024

Powered by FUDForum. Page generated in 0.08200 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top