Thanks,
one system less to fix.
bye
David
On 12/13/21 11:40 AM, Claus Ibsen wrote:
On Mon, Dec 13, 2021 at 11:37 AM David Ecker <da...@ecker-software.de> wrote:
Hi Claus,
the information is from Red Hat, if I understood it correctly:
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
Their product and upstream Camel K are not 100% identical.
bye
David
On 12/13/21 11:32 AM, Claus Ibsen wrote:
On Mon, Dec 13, 2021 at 10:45 AM David Ecker <da...@ecker-software.de> wrote:
Hi,
since it looks like camel/camel-k is directly affected by the
vulnerability; Is a patch or a workaround for camel-k already available?
Where do you think that?
camel-k runs on quarkus that is not affected. Camel is a library that
do not use log4j - we use slf4j-api as logging abstraction.
the builder pod for camel-k is using apache maven, which uses the
simpler logging from slf4j.
not sure where you think log4j-core is active in use in camel-k.
A blot post is in draft at
https://github.com/apache/camel-website/pull/714
Thanks,
David
