Re: [cross-project-issues-dev] [orbit-dev] log4j vulnerability in Eclipse?

Sat, 11 Dec 2021 21:19:15 -0800 

Thanks Matthias!
Do we plan to have a service release for Eclipse Orbit to let other projects consume this dependency from the trusted source? 

Regards,
AF

12/11/2021 10:48 PM, Gunnar Wagenknecht пишет:

Thanks Matthias!

According to Wayne, 2.15 has already been vetted and is good for use:
https://www.eclipse.org/lists/eclipse.org-committers/msg01333.html

-Gunnar

--
Gunnar Wagenknecht
gun...@wagenknecht.org, http://guw.io/




On Dec 11, 2021, at 20:36, Matthias Sohn <matthias.s...@gmail.com> wrote:


On Sat, Dec 11, 2021 at 11:35 AM Gunnar Wagenknecht 
<gun...@wagenknecht.org> wrote:


    Alexander,


    On Dec 11, 2021, at 10:16, Alexander Fedorov
    <alexander.fedo...@arsysop.ru> wrote:
    It would be great to learn vulnerability clean-up process with
    Eclipse Orbit team to then apply it to Eclipse Passage.



    There is no Orbit team. Orbit is driven by project committers
    using/needing libraries in Orbit.
    I encourage the Eclipse Passage project to submit a Gerrit review
    for a newer version.



considering the buzz around this vulnerability I went ahead and 
pushed an update to log4j 2.15 for orbit

https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188768

note that the required clearlydefined score isn't reached yet, if 
this doesn't change soon

maybe someone can contribute the missing information to clearlydefined or
we file CQs to get the license approval for the new version

    You can also try a new way as described by Mickael here:
    https://www.eclipse.org/lists/orbit-dev/msg05509.html

    -Gunnar
    _______________________________________________
    orbit-dev mailing list
    orbit-...@eclipse.org
    To unsubscribe from this list, visit
    https://www.eclipse.org/mailman/listinfo/orbit-dev

_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org

To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev



_______________________________________________
orbit-dev mailing list
orbit-...@eclipse.org
To unsubscribe from this list, 
visithttps://www.eclipse.org/mailman/listinfo/orbit-dev

_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@eclipse.org
To unsubscribe from this list, visit 
https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev























					Reply via email to