On Sat, Dec 11, 2021 at 8:36 PM Matthias Sohn <[email protected]> wrote:
> On Sat, Dec 11, 2021 at 11:35 AM Gunnar Wagenknecht < > [email protected]> wrote: > >> Alexander, >> >> On Dec 11, 2021, at 10:16, Alexander Fedorov < >> [email protected]> wrote: >> It would be great to learn vulnerability clean-up process with Eclipse >> Orbit team to then apply it to Eclipse Passage. >> >> >> >> There is no Orbit team. Orbit is driven by project committers >> using/needing libraries in Orbit. >> I encourage the Eclipse Passage project to submit a Gerrit review for a >> newer version. >> > > considering the buzz around this vulnerability I went ahead and pushed an > update to log4j 2.15 for orbit > https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188768 > note that the required clearlydefined score isn't reached yet, if this > doesn't change soon > maybe someone can contribute the missing information to clearlydefined or > we file CQs to get the license approval for the new version > since the log4j project published another release 2.16.0 adding more fixes for CVE-2021-44228 I pushed another update for Orbit: https://git.eclipse.org/r/c/orbit/orbit-recipes/+/188862 and contributed curations to the corresponding clearlydefined entries > > >> You can also try a new way as described by Mickael here: >> https://www.eclipse.org/lists/orbit-dev/msg05509.html >> >> -Gunnar >> _______________________________________________ >> orbit-dev mailing list >> [email protected] >> To unsubscribe from this list, visit >> https://www.eclipse.org/mailman/listinfo/orbit-dev >> >
_______________________________________________ cross-project-issues-dev mailing list [email protected] To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev
