http://blogs.apache.org/netbeans/entry/log4j-and-apache-netbeans
Gj On Wed, Jan 5, 2022 at 12:01 PM Forshaw, Kieran < kieran.fors...@astrazeneca.com> wrote: > Hi, > > Please let me know if there is any update on this. > > Kieran Forshaw > Data Science Degree Apprentice > _____________________________________________________________________ > > AstraZeneca > Pharmaceutical Technology & DevelopmentāOral Product Development > Macclesfield, Cheshire, SK10 2NA > kieran.fors...@astrazeneca.com > > Please consider the environment before printing this e-mail > > > > > > From: Forshaw, Kieran > Sent: 22 December 2021 09:24 > To: users@netbeans.apache.org; d...@netbeans.apache.org > Subject: Cyber Security Vulnerability Threat (CVE-2021-44228) - Impact on > Apache Netbeans IDE 12.5 Application? > > Hello, > > Our company's Cyber Security department has made us aware of a critical > vulnerability, cataloged as CVE-2021-44228. > > In brief, this vulnerability allows a hacker to execute arbitrary code via > applications that are based on Apache Log4j2 2.0-beta9 through 2.12.1 and > 2.13.0 through 2.15.0 JNDI. > > Please refer to this link for details on this threat: > https://nvd.nist.gov/vuln/detail/CVE-2021-44228 > > We currently use the following software from your company: Apache > Netbeans IDE 12.5 > > Could you please answer the following questions related to this software > and the CVE-2021-44228 vulnerability? > > > 1. Does this application use Java? > * If so, is Apache Log4j2 used in this application? > > i. Is > the version of Apache Log4j2 2.0-beta9 through 2.12.1 or 2.13.0 through > 2.15.0 JNDI? > > * If so, do you have a permanent fix or a temporary fix? > * When will this fix be available? > > We appreciate your response back on this as quickly as possible. > > Thank you, > > > Kieran Forshaw > Data Science Apprentice > _____________________________________________________________________ > > AstraZeneca > Pharmaceutical Technology & DevelopmentāOral Product Development > Macclesfield, Cheshire, SK10 2NA > kieran.fors...@astrazeneca.com<mailto:kieran.fors...@astrazeneca.com> > > Please consider the environment before printing this e-mail > > > > ________________________________ > > AstraZeneca UK Limited is a company incorporated in England and Wales with > registered number:03674842 and its registered office at 1 Francis Crick > Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA. > > This e-mail and its attachments are intended for the above named recipient > only and may contain confidential and privileged information. If they have > come to you in error, you must not copy or show them to anyone; instead, > please reply to this e-mail, highlighting the error to the sender and then > immediately delete the message. For information about how AstraZeneca UK > Limited and its affiliates may process information, personal data and > monitor communications, please see our privacy notice at > www.astrazeneca.com<https://www.astrazeneca.com> >
