Log4j-core
On Wed, Dec 15, 2021 at 7:07 PM Alonso Del Arte
wrote:
> Excellent question. I hope not. I'll check if there's been any discussion
> in the Slack...
>
> On Wed, Dec 15, 2021 at 2:13 PM Mike Hallan
> wrote:
>
>> Does Netbeans Platform at any level use Log4j? I was thinking maybe the
>
Also consider if NetBeans Platform apps are likely to be in a situation where
malicious input is possible to exploit the vulnerability in the first place. I
suppose if the update centre or start page content were hacked it could be a
vector to get malicious input into the NB logging.
So the ma
Excellent question. I hope not. I'll check if there's been any discussion
in the Slack...
On Wed, Dec 15, 2021 at 2:13 PM Mike Hallan
wrote:
> Does Netbeans Platform at any level use Log4j? I was thinking maybe the
> logging module may, if not use it, then be based on it.
>
> Are applications bu
I am using NetBeans 12.4 (I know, upgrade) on a Windows 10 Professional
system with JDK 11.0.12 (I know, upgrade).
I am writing a proof of concept web application (Maven, Java EE 6) to
test configurable servlet filters for Content-Security-Policy and
X-Frame-Options.
This all works well, exc
Does Netbeans Platform at any level use Log4j? I was thinking maybe the logging
module may, if not use it, then be based on it.
Are applications built on Netbeans Platform are in any way vulnerable to Log4j
exploits as described at mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 ?
Thanks,Mike
At the moment the only solution is to create a shaded jar with an independent
maven project and use it as a dependency in the NB module.
It triggers what seems a bug in maven dependencies as some NB modules mix
creates a dependency from an [allow] class.
For example, adding this dependency in t
