On Fri, Dec 17, 2021 at 10:18 AM Jason Abreu wrote:
> A cursory file search in my NetBeans 12.6 folder shows "log4j-1.2.15.jar"
> in the "netbeans\ide\modules\ext" path.
>
> The vulnerability only seems to be in log4j versions 2+ so I don't think
> there is anything to worry about with the NetBea
A cursory file search in my NetBeans 12.6 folder shows
"log4j-1.2.15.jar" in the "netbeans\ide\modules\ext" path.
The vulnerability only seems to be in log4j versions 2+ so I don't think
there is anything to worry about with the NetBeans IDE, itself.
- Jason
On 12/15/21 2:13 PM, Mike Hallan
Log4j-core
On Wed, Dec 15, 2021 at 7:07 PM Alonso Del Arte
wrote:
> Excellent question. I hope not. I'll check if there's been any discussion
> in the Slack...
>
> On Wed, Dec 15, 2021 at 2:13 PM Mike Hallan
> wrote:
>
>> Does Netbeans Platform at any level use Log4j? I was thinking maybe the
>
Also consider if NetBeans Platform apps are likely to be in a situation where
malicious input is possible to exploit the vulnerability in the first place. I
suppose if the update centre or start page content were hacked it could be a
vector to get malicious input into the NB logging.
So the ma
Excellent question. I hope not. I'll check if there's been any discussion
in the Slack...
On Wed, Dec 15, 2021 at 2:13 PM Mike Hallan
wrote:
> Does Netbeans Platform at any level use Log4j? I was thinking maybe the
> logging module may, if not use it, then be based on it.
>
> Are applications bu
Does Netbeans Platform at any level use Log4j? I was thinking maybe the logging
module may, if not use it, then be based on it.
Are applications built on Netbeans Platform are in any way vulnerable to Log4j
exploits as described at mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 ?
Thanks,Mike