netdisco-users Digest, Vol 185, Issue 1

[netdisco-users-request]

Send netdisco-users mailing list submissions to
        netdisco-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
        netdisco-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
        netdisco-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."

Today's Topics:

   1. CVE-2021-44228, log4j, Dancer, Apache2 (o...@leferguson.com)
   2. Re: CVE-2021-44228, log4j, Dancer, Apache2 (Christian Ramseyer)
   3. Re: CVE-2021-44228, log4j, Dancer, Apache2 (o...@leferguson.com)

--- Begin Message ---

I have been running Netdisco for ages under apache, but I honestly do not know 
if dancer is still under the covers somewhere or how to check.

Is there any info on ensuring that Netdisco (+/- dancer) either does not have 
this vulnerability or has been mitigated (and how/what-version)?

Linwood

--- End Message ---

--- Begin Message ---

Hi Linwood

Netdisco and Dancer is pure Perl only and does not use Log4j, so nothing
to worry about.

You might see the log4j-inspired Log4Perl library as a dependency in
some places, but it is not so closely related as that it would share the
vulnerability.

Cheers
Christian

On 12.12.21 15:46, o...@leferguson.com wrote:
> I have been running Netdisco for ages under apache, but I honestly do
> not know if dancer is still under the covers somewhere or how to check.
> 
>  
> 
> Is there any info on ensuring that Netdisco (+/- dancer) either does not
> have this vulnerability or has been mitigated (and how/what-version)?
> 
>  

--- End Message ---

--- Begin Message ---

One less to worry about.  Thank you.


-----Original Message-----
From: Christian Ramseyer <ramse...@netnea.com> 
Sent: Sunday, December 12, 2021 1:19 PM
To: o...@leferguson.com; netdisco-users@lists.sourceforge.net
Subject: Re: [Netdisco] CVE-2021-44228, log4j, Dancer, Apache2

Hi Linwood

Netdisco and Dancer is pure Perl only and does not use Log4j, so nothing to 
worry about.

You might see the log4j-inspired Log4Perl library as a dependency in some 
places, but it is not so closely related as that it would share the 
vulnerability.

Cheers
Christian

On 12.12.21 15:46, o...@leferguson.com wrote:
> I have been running Netdisco for ages under apache, but I honestly do 
> not know if dancer is still under the covers somewhere or how to check.
> 
>  
> 
> Is there any info on ensuring that Netdisco (+/- dancer) either does 
> not have this vulnerability or has been mitigated (and how/what-version)?
> 
>  

--- End Message ---

_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users