Hi - The Apache OpenOffice security team has looked into the two Log4Shell vulnerabilities. We are not impacted by them as we don’t use Apache Log4J 2.
We don't know if any third party extensions are impacted. You would need to contact those parties if you are concerned. Regards, Dave > On Dec 17, 2021, at 11:17 AM, Cheung, Danny C > <danny.c.che...@rbc.com.INVALID> wrote: > > Hi There, > > Our organization does use your product and recently heard about the an issue > with the remote code execution vulnerability (CVE-2021-44228) in Apache > Log4J. Our organization would just like to confirm with you if your product > may have been impact by this vulnerability and if so, what is the action plan > to address the vulnerability. Any information that you can provide would be > greatly appreciated. > > > Regards. > > Danny Cheung > HR Technology Operations > > > _______________________________________________________________________ > > If you received this email in error, please advise the sender (by return > email or otherwise) immediately. You have consented to receive the attached > electronically at the above-noted email address; please retain a copy of this > confirmation for future reference. > > Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur > immédiatement, par retour de courriel ou par un autre moyen. Vous avez > accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à > l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette > confirmation pour les fins de reference future. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
