Log4J Vulnerabilities #4758
Replies: 3 comments 4 replies
-
|
Hi @joshmurari! |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the response! |
Beta Was this translation helpful? Give feedback.
-
|
@miketimofeev Maven has log4j files, in the apaches logging paths. |
Beta Was this translation helpful? Give feedback.
-
|
@mthoger it's just a cache that doesn't seem to be used anywhere. I have prepared the PR to clean up this directory just in case #4761 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the response! |
Beta Was this translation helpful? Give feedback.
-
|
@miketimofeev, for your information, a newly provisioned machine (as of 12/18) has log4j in that same cache, but the version is now 2.16 (a build from Sept 29 had 2.11). It would seem that potentially Maven/Apache has updated their packages as of last week. |
Beta Was this translation helpful? Give feedback.
-
|
We're locking this discussion because it has not had recent activity and/or other members have asked for more information to assist you but received no response. Thank you for helping us maintain a productive and tidy community for all our members. |
Beta Was this translation helpful? Give feedback.
-
Hey everyone,
Based on the recent public reports of vulnerabilities regarding Log4j, is this something that impacts the windows, ubuntu, or mac OS images that are built here?
Beta Was this translation helpful? Give feedback.
All reactions