On Sat, Dec 11, 2021 at 8:36 PM Matthias Sohn <matthias.s...@gmail.com> wrote:
> On Sat, Dec 11, 2021 at 11:35 AM Gunnar Wagenknecht < > gun...@wagenknecht.org> wrote: > >> Alexander, >> >> On Dec 11, 2021, at 10:16, Alexander Fedorov < >> alexander.fedo...@arsysop.ru> wrote: >> It would be great to learn vulnerability clean-up process with Eclipse >> Orbit team to then apply it to Eclipse Passage. >> >> >> >> There is no Orbit team. Orbit is driven by project committers >> using/needing libraries in Orbit. >> I encourage the Eclipse Passage project to submit a Gerrit review for a >> newer version. >> > > considering the buzz around this vulnerability I went ahead and pushed an > update to log4j 2.15 for orbit > https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188768 > note that the required clearlydefined score isn't reached yet, if this > doesn't change soon > maybe someone can contribute the missing information to clearlydefined or > we file CQs to get the license approval for the new version > since the log4j project published another release 2.16.0 adding more fixes for CVE-2021-44228 I pushed another update for Orbit: https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188862 and contributed curations to the corresponding clearlydefined entries > > >> You can also try a new way as described by Mickael here: >> https://www.eclipse.org/lists/orbit-dev/msg05509.html >> >> -Gunnar >> _______________________________________________ >> orbit-dev mailing list >> orbit-...@eclipse.org >> To unsubscribe from this list, visit >> https://www.eclipse.org/mailman/listinfo/orbit-dev >> >
_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
