Re: [cross-project-issues-dev] [orbit-dev] log4j vulnerability in Eclipse?

Sat, 11 Dec 2021 11:48:53 -0800 

Thanks Matthias!

According to Wayne, 2.15 has already been vetted and is good for use:
https://www.eclipse.org/lists/eclipse.org-committers/msg01333.html 
<https://www.eclipse.org/lists/eclipse.org-committers/msg01333.html>

-Gunnar

-- 
Gunnar Wagenknecht
gun...@wagenknecht.org, http://guw.io/



> On Dec 11, 2021, at 20:36, Matthias Sohn <matthias.s...@gmail.com> wrote:
> 
> On Sat, Dec 11, 2021 at 11:35 AM Gunnar Wagenknecht <gun...@wagenknecht.org 
> <mailto:gun...@wagenknecht.org>> wrote:
> Alexander,
> 
>> On Dec 11, 2021, at 10:16, Alexander Fedorov <alexander.fedo...@arsysop.ru 
>> <mailto:alexander.fedo...@arsysop.ru>> wrote:
>> It would be great to learn vulnerability clean-up process with Eclipse Orbit 
>> team to then apply it to Eclipse Passage.
> 
> 
> There is no Orbit team. Orbit is driven by project committers using/needing 
> libraries in Orbit.
> I encourage the Eclipse Passage project to submit a Gerrit review for a newer 
> version.
> 
> considering the buzz around this vulnerability I went ahead and pushed an 
> update to log4j 2.15 for orbit
> https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188768 
> <https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188768>
> note that the required clearlydefined score isn't reached yet, if this 
> doesn't change soon
> maybe someone can contribute the missing information to clearlydefined or
> we file CQs to get the license approval for the new version
>  
> You can also try a new way as described by Mickael here:
> https://www.eclipse.org/lists/orbit-dev/msg05509.html 
> <https://www.eclipse.org/lists/orbit-dev/msg05509.html>
> 
> -Gunnar
> _______________________________________________
> orbit-dev mailing list
> orbit-...@eclipse.org <mailto:orbit-...@eclipse.org>
> To unsubscribe from this list, visit 
> https://www.eclipse.org/mailman/listinfo/orbit-dev 
> <https://www.eclipse.org/mailman/listinfo/orbit-dev>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@eclipse.org
> To unsubscribe from this list, visit 
> https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev


_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev

Reply via email to