Hello, Igniters.
log4j 1.2.17 is not supported and contains critical vulnerabilities
I suggest excluding log4j 1.2.17 and module ignite-log4j from ignite[1].
Direct vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20
Your deployment has vulnerabilities only in case you configured log4j as a
logger.
Not every deployment require to be secured.
Not every deployment requires to use of log4j.
We must change the default logging library if the current is log4j and
provide the ability to use log4j as before (where it
Hello, Anton.
+1 to remove outdated logging library.
But, seems, we can’t do it right now, because of existing deployments.
Let’s mark this module as deprecated and remove it in 2.14?
> Not every deployment require to be secured.
Disagree.
We should update or workaround known security issues A
A new feedback has been added, go to bugyard.io to see all the details...
https://bugyard.io
A new feedback has been added
"Broken link - gives a 404, there are a few of these on this page" by
ian.ruffell
View feedback
https://app.bugyard.io/web/app/rycqZJDyY/f/621cc40602bf100014cef279
> But, seems, we can’t do it right now, because of existing deployments.
Correct
> Let’s mark this module as deprecated and remove it in 2.14?
Possible way
Also, we must check this will not cause problems at tests (eg. Ducktests)
On Mon, Feb 28, 2022 at 6:48 PM Nikolay Izhikov wrote:
> Hello,
