Den ons 15 dec. 2021 kl 15:32 skrev Mark Phippard <[email protected]>:
> On Wed, Dec 15, 2021 at 7:25 AM Pavel Lyalyakin > <[email protected]> wrote: > > > > > > > > On Wed, Dec 15, 2021 at 2:13 PM Daniel Sahlberg < > [email protected]> wrote: > >> > >> Hi, > >> > >> There has been several different requests regarding if Subversion is > vulnerable to the latest log4j problem. Should we write a new item about > this for the web site? Several people (Pavel Lyalyakin, Mark Phippard) has > made valuable comments and I can (with their permission) distil some > condensed reply. > >> > >> Kind regards, > >> Daniel > > > > > > There is one piece of information that hasn't been mentioned yet. > Subversion repository hooks can be written in practically any programming > language including Java. I see that there are instructions on the web for > writing Java-based hooks that use Log4j as a dependency (google "writing > subversion hooks in java"). Users have to examine their hook scripts to > ensure that they are not vulnerable. > > > > BTW, you can find the announcement from VisualSVN Team regarding > CVE-44228 (Log4Shell) at > https://www.visualsvn.com/company/news/visualsvn-products-are-not-affected-by-CVE-2021-44228 > . > > I suspect we do not want to be responsible for providing all of these > links here but I created a similar page for SVN Edge here: > > > https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Log4Shell > > Mark > https://subversion.apache.org/#news-20211215 (waiting for the native-english-speakers to roast me :-) )
