Hello Maxim,
that's good news!
Thanks for your reply,
Thomas
Am 13.12.21 um 01:50 schrieb Maxim Solodovnik:
Yes,
We are not affected
To get most updated version you can use latest SNAPSHOT :)
from mobile (sorry for typos ;)
On Mon, Dec 13, 2021, 04:21 Thomas Scholzen wrote:
Hi Seba
Yes,
We are not affected
To get most updated version you can use latest SNAPSHOT :)
from mobile (sorry for typos ;)
On Mon, Dec 13, 2021, 04:21 Thomas Scholzen wrote:
> Hi Sebastian,
>
> thank you for your assessment and quick response.
>
> Best regards,
> Thomas
>
>
> Am 12.12.21 um 22:05 s
Hi Sebastian,
thank you for your assessment and quick response.
Best regards,
Thomas
Am 12.12.21 um 22:05 schrieb seba.wag...@gmail.com:
Afaik we are not using the native log4j library. I think the
vulnerability is only in the actual log4j.jar file.
log4j-over-slf4j is merely a bridge that
Afaik we are not using the native log4j library. I think the
vulnerability is only in the actual log4j.jar file.
log4j-over-slf4j is merely a bridge that mimics log4j APIs in order to
redirect the log stream into slf4j without rewriting the existing log4j
logging statements. The bridge ensures old
Openmeetings has, among others, the following dependencies:
log4j-over-slf4j-1.7.32.jar
slf4j-api-1.7.32.jar
jcl-over-slf4j-1.7.32.jar
Does anyone know, whether these are affected by the log4j vulnerability
CVE-2021-44228 and have to be updated?
Thanks,
Thomas
