On Mon, Dec 13, 2021 at 11:37 AM David Ecker <da...@ecker-software.de> wrote: > > Hi Claus, > > the information is from Red Hat, if I understood it correctly: > > https://access.redhat.com/security/vulnerabilities/RHSB-2021-009 >
Their product and upstream Camel K are not 100% identical. > bye > David > > On 12/13/21 11:32 AM, Claus Ibsen wrote: > > On Mon, Dec 13, 2021 at 10:45 AM David Ecker <da...@ecker-software.de> > > wrote: > >> Hi, > >> > >> since it looks like camel/camel-k is directly affected by the > >> vulnerability; Is a patch or a workaround for camel-k already available? > >> > > Where do you think that? > > > > camel-k runs on quarkus that is not affected. Camel is a library that > > do not use log4j - we use slf4j-api as logging abstraction. > > the builder pod for camel-k is using apache maven, which uses the > > simpler logging from slf4j. > > > > not sure where you think log4j-core is active in use in camel-k. > > > > A blot post is in draft at > > https://github.com/apache/camel-website/pull/714 > > > >> Thanks, > >> David > > > > > -- Claus Ibsen ----------------- http://davsclaus.com @davsclaus Camel in Action 2: https://www.manning.com/ibsen2
