Re: log4j vulnerability

2021-12-19 Thread seba.wag...@gmail.com
f4j without rewriting the existing >>> >> log4j logging statements. The bridge ensures old dependencies that >>> >> have not been migrated to SLF4J can work with Openmeetings. >>> >> >>> >> So OpenMeetings is not using or distributing the native lo

Re: log4j vulnerability

2021-12-16 Thread Maxim Solodovnik
since >> >> it's not using the native log4j jar file. >> >> >> >> So as far as I can see this vulnerability should not impact >> >> OpenMeetings. >> >> >> >> However OpenMeetings regularly ships updates with the latest >

Re: log4j vulnerability

2021-12-16 Thread seba.wag...@gmail.com
gt; >> However OpenMeetings regularly ships updates with the latest > >> libraries and dependencies, so if you are not using the latest > >> version, you should update. There have been other CVE's fixed in > >> recent versions. > >> > >> Thanks

Re: log4j vulnerability

2021-12-16 Thread info
over-slf4j-1.7.32.jar Does anyone know, whether these are affected by the log4j vulnerability CVE-2021-44228 and have to be updated? Thanks, Thomas Links: -- [1] https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url [2] https://www.youracclaim.com/bad

Re: log4j vulnerability

2021-12-12 Thread Thomas Scholzen
anyone know, whether these are affected by the log4j vulnerability CVE-2021-44228 and have to be updated? Thanks, Thomas

Re: log4j vulnerability

2021-12-12 Thread Maxim Solodovnik
t; > > > On Mon, 13 Dec 2021 at 07:29, Thomas Scholzen > wrote: > >> Openmeetings has, among others, the following dependencies: >> >> log4j-over-slf4j-1.7.32.jar >> slf4j-api-1.7.32.jar >> jcl-over-slf4j-1.7.32.jar >> >> Does anyone know, whether these are affected by the log4j vulnerability >> CVE-2021-44228 and have to be updated? >> >> Thanks, >> Thomas >> >

Re: log4j vulnerability

2021-12-12 Thread Thomas Scholzen
wrote: Openmeetings has, among others, the following dependencies: log4j-over-slf4j-1.7.32.jar slf4j-api-1.7.32.jar jcl-over-slf4j-1.7.32.jar Does anyone know, whether these are affected by the log4j vulnerability CVE-2021-44228 and have to be updated? Thanks, Thomas

Re: log4j vulnerability

2021-12-12 Thread seba.wag...@gmail.com
-1.7.32.jar > > Does anyone know, whether these are affected by the log4j vulnerability > CVE-2021-44228 and have to be updated? > > Thanks, > Thomas >

log4j vulnerability

2021-12-12 Thread Thomas Scholzen
Openmeetings has, among others, the following dependencies: log4j-over-slf4j-1.7.32.jar slf4j-api-1.7.32.jar jcl-over-slf4j-1.7.32.jar Does anyone know, whether these are affected by the log4j vulnerability CVE-2021-44228 and have to be updated? Thanks, Thomas