[che-dev] Eclipse Che is not affected by Log4J vulnerability (CVE-2021-4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[che-dev] Eclipse Che is not affected by Log4J vulnerability (CVE-2021-44228)

From: Mario Loriedo <mario.loriedo@xxxxxxxxx>
Date: Mon, 13 Dec 2021 11:48:33 +0100
Delivered-to: che-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/che-dev/>
List-help: <mailto:che-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/che-dev>, <mailto:che-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/che-dev>, <mailto:che-dev-request@eclipse.org?subject=unsubscribe>

Hi all,

Last week a log4j vulnerability that allows remote code execution has been disclosed [1]. None of the Eclipse Che components use log4j. Che server uses sl4j / logback for logging that's not affected by this vulnerabilty [2].

Regards,

Mario

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228

[2] http://mailman.qos.ch/pipermail/announce/2021/000163.html

Prev by Date: [che-dev] Status of Happy path PR check of Eclipse Che repos
Next by Date: Re: [che-dev] Che Community Meeting, December 13 - call for agenda
Previous by thread: [che-dev] Che Community Meeting, December 13 - call for agenda
Next by thread: [che-dev] Eclipse Che Blog repository
Index(es):
- Date
- Thread

Breadcrumbs