Re: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on Apache Netbeans IDE 12.5 Application?

2022-01-05 Thread Geertjan Wielenga 
http://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans

Gj

On Wed, Jan 5, 2022 at 12:01 PM Forshaw, Kieran <
kieran.fors...@astrazeneca.com> wrote:

> Hi,
>
> Please let me know if there is any update on this.
>
> Kieran Forshaw
> Data Science Degree Apprentice
> _
>
> AstraZeneca
> Pharmaceutical Technology & Developmentā”‚Oral Product Development
> Macclesfield, Cheshire, SK10 2NA
> kieran.fors...@astrazeneca.com
>
> Please consider the environment before printing this e-mail
>
>
>
>
>
> From: Forshaw, Kieran
> Sent: 22 December 2021 09:24
> To: users@netbeans.apache.org; d...@netbeans.apache.org
> Subject: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on
> Apache Netbeans IDE 12.5 Application?
>
> Hello,
>
> Our company's Cyber Security department has made us aware of a critical
> vulnerability, cataloged as CVE-2021-44228.
>
> In brief, this vulnerability allows a hacker to execute arbitrary code via
> applications that are based on Apache Log4j2 2.0-beta9 through 2.12.1 and
> 2.13.0 through 2.15.0 JNDI.
>
> Please refer to this link for details on this threat:
> https://nvd.nist.gov/vuln/detail/CVE-2021-44228
>
> We currently use the following software from your company:  Apache
> Netbeans IDE 12.5
>
> Could you please answer the following questions related to this software
> and the CVE-2021-44228 vulnerability?
>
>
>   1.  Does this application use Java?
>  *   If so, is Apache Log4j2 used in this application?
>
>i.  Is
> the version of Apache Log4j2 2.0-beta9 through 2.12.1 or 2.13.0 through
> 2.15.0 JNDI?
>
>*   If so, do you have a permanent fix or a temporary fix?
>   *   When will this fix be available?
>
> We appreciate your response back on this as quickly as possible.
>
> Thank you,
>
>
> Kieran Forshaw
> Data Science Apprentice
> _
>
> AstraZeneca
> Pharmaceutical Technology & Developmentā”‚Oral Product Development
> Macclesfield, Cheshire, SK10 2NA
> kieran.fors...@astrazeneca.com
>
> Please consider the environment before printing this e-mail
>
>
>
> 
>
> AstraZeneca UK Limited is a company incorporated in England and Wales with
> registered number:03674842 and its registered office at 1 Francis Crick
> Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA.
>
> This e-mail and its attachments are intended for the above named recipient
> only and may contain confidential and privileged information. If they have
> come to you in error, you must not copy or show them to anyone; instead,
> please reply to this e-mail, highlighting the error to the sender and then
> immediately delete the message. For information about how AstraZeneca UK
> Limited and its affiliates may process information, personal data and
> monitor communications, please see our privacy notice at
> www.astrazeneca.com
>

Re: Offline Install of Netbeans on JDK 8 (with nb-javac)

2022-01-05 Thread Neil C Smith 
On Wed, 5 Jan 2022 at 00:25, Brad K.  wrote:
> I think NetBeans 12 has been approved for use; I'm guessing that 13
> won't have been approved quite yet. Gov't, you see.

12.0 or 12.6?

ie. if moving 12.5 -> 12.6 was approved, then moving 12.6 -> 13 -> 14
should be the same.

In other words, we've changed the numbering scheme (and minimum JDK
requirement) from 13, but there is no particular significance in
moving from "minor" to "major" increments.  That people saw a
significance is part of the reason for changing.

Best wishes,

Neil

-
To unsubscribe, e-mail: users-unsubscr...@netbeans.apache.org
For additional commands, e-mail: users-h...@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists