Thanks Matthias! According to Wayne, 2.15 has already been vetted and is good for use: https://www.eclipse.org/lists/eclipse.org-committers/msg01333.html <https://www.eclipse.org/lists/eclipse.org-committers/msg01333.html>
-Gunnar -- Gunnar Wagenknecht [email protected], http://guw.io/ > On Dec 11, 2021, at 20:36, Matthias Sohn <[email protected]> wrote: > > On Sat, Dec 11, 2021 at 11:35 AM Gunnar Wagenknecht <[email protected] > <mailto:[email protected]>> wrote: > Alexander, > >> On Dec 11, 2021, at 10:16, Alexander Fedorov <[email protected] >> <mailto:[email protected]>> wrote: >> It would be great to learn vulnerability clean-up process with Eclipse Orbit >> team to then apply it to Eclipse Passage. > > > There is no Orbit team. Orbit is driven by project committers using/needing > libraries in Orbit. > I encourage the Eclipse Passage project to submit a Gerrit review for a newer > version. > > considering the buzz around this vulnerability I went ahead and pushed an > update to log4j 2.15 for orbit > https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188768 > <https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188768> > note that the required clearlydefined score isn't reached yet, if this > doesn't change soon > maybe someone can contribute the missing information to clearlydefined or > we file CQs to get the license approval for the new version > > You can also try a new way as described by Mickael here: > https://www.eclipse.org/lists/orbit-dev/msg05509.html > <https://www.eclipse.org/lists/orbit-dev/msg05509.html> > > -Gunnar > _______________________________________________ > orbit-dev mailing list > [email protected] <mailto:[email protected]> > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/orbit-dev > <https://www.eclipse.org/mailman/listinfo/orbit-dev> > _______________________________________________ > cross-project-issues-dev mailing list > [email protected] > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
_______________________________________________ cross-project-issues-dev mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
