On Sat, Dec 11, 2021 at 1:32 PM Eric Gallager <eg...@gwmail.gwu.edu> wrote:
> > so... is there anything to do about this in MacPorts? > There's probably nothing that can be done in terms of the MacPorts packages. It's basically dependent on upstream developers to patch anything that might be affected. It was more of a general warning to anyone on the mailing list that might be running a web server. ...I don't think any of these are the same thing, are they? > Based on my googling, jakarta-log4j is some sort of wrapper that allows Jakarta to use log4j, so it's quite possible that the jakarta-log4j package is affected. Depending on how closely the C++ port follows the original Java in the log4cxx package, it might also be affected; the same applies to the log4perl packages. -- Jason Liu On Sat, Dec 11, 2021 at 1:32 PM Eric Gallager <eg...@gwmail.gwu.edu> wrote: > On Fri, Dec 10, 2021 at 6:00 PM Jason Liu <jason...@umich.edu> wrote: > > > > In case everyone hadn't heard the news. If anyone is running Log4j for > logging on any of your web servers, you might want to read this. > > > > WIRED: 'The Internet Is On Fire' > > A vulnerability in the Log4j logging framework has security teams > scrambling to put in a fix. > > > > -- > > Jason Liu > > so... is there anything to do about this in MacPorts? > > $ port search log4j > jakarta-log4j @1.2.16 (java, devel) > Java logging API > > log4cxx @0.10.0_1 (devel) > log4cxx is a port to C++ of the log4j project > > log4jdbc @1.1 (java) > JDBC driver that can log SQL and/or JDBC calls > > p5-log-dispatch-config @1.40.0 (perl) > Log::Dispatch::Config - Log4j for Perl > > p5-log-log4perl @1.540.0 (perl) > Log4j implementation for Perl > > p5.28-log-dispatch-config @1.40.0 (perl) > Log::Dispatch::Config - Log4j for Perl > > p5.28-log-log4perl @1.540.0 (perl) > Log4j implementation for Perl > > p5.30-log-dispatch-config @1.40.0 (perl) > Log::Dispatch::Config - Log4j for Perl > > p5.30-log-log4perl @1.540.0 (perl) > Log4j implementation for Perl > > p5.32-log-dispatch-config @1.40.0 (perl) > Log::Dispatch::Config - Log4j for Perl > > p5.32-log-log4perl @1.540.0 (perl) > Log4j implementation for Perl > > Found 11 ports. > $ port installed `port -q search log4j` > The following ports are currently installed: > jakarta-log4j @1.2.16_0 (active) > log4jdbc @1.1_0 (active) > p5.28-log-log4perl @1.540.0_0 (active) > p5.30-log-log4perl @1.540.0_0 (active) > p5.32-log-log4perl @1.540.0_0 (active) > $ > > ...I don't think any of these are the same thing, are they? >