On 1/4/2022 8:31 AM, Neil C Smith wrote:
On Tue, 4 Jan 2022 at 14:17, Brad K. wrote:
I think I've captured it all here:
...
2. Download/Install Oracle JDK 8 u311
A complicated process! You could perhaps try a daily build and/or rc
of NetBeans 13 in a couple of weeks. nb-javac is now includ
Hi all,
Quoting from the CVE details:
"to remotely execute arbitrary code when combined with a deserialization
gadget when listening to untrusted network traffic for log data"
Apache NetBeans does not "listen to untrusted network traffic for log
data", so it's not vulnerable.
Kind regards,
>From that, one way to mitigate the issue would be to uninstall the HTML
editor.
Gj
On Tue, Jan 4, 2022 at 4:31 PM Geertjan Wielenga <
geertjan.wiele...@googlemail.com> wrote:
> Here are the relevant places in the sources:
>
>
> https://github.com/apache/netbeans/blob/master/ide/html.validation/
Here are the relevant places in the sources:
https://github.com/apache/netbeans/blob/master/ide/html.validation/external/binaries-list
https://github.com/apache/netbeans/blob/master/ide/html.validation/external/log4j-1.2.15-license.txt
I don't see anywhere else, i.e., it's used in the HTML edito
Indeed, that's a different vulnerability and, indeed, we do need to upgrade
to the latest release of log4j.
Gj
On Tue, Jan 4, 2022 at 4:21 PM Humphrey Clerx wrote:
> Hi,
>
> The log4j2 security page also clearly states:
>
> "Please note that Log4j 1.x has reached End of Life in 2015 and is no
>
Hi,
The log4j2 security page also clearly states:
"Please note that Log4j 1.x has reached End of Life in 2015 and is no
longer supported. Vulnerabilities reported after August 2015 against Log4j
1.x were not checked and will not be fixed. Users should upgrade to Log4j 2
to obtain security fixes."
On Tue, 4 Jan 2022 at 14:17, Brad K. wrote:
> I think I've captured it all here:
...
> 2. Download/Install Oracle JDK 8 u311
A complicated process! You could perhaps try a daily build and/or rc
of NetBeans 13 in a couple of weeks. nb-javac is now included.
Strictly speaking, Java 8 is not offi
I think I've captured it all here:
1. Fresh install of Windows 10 (21H1, build 19043.1415) -- this also
means nothing in user's AppData/Local/NetBeans/cache or
AppData/Roaming/NetBeans/config
2. Download/Install Oracle JDK 8 u311
3. Download/Install NetBeans 12.6
(Following instructions at
We've looked for "log4j" in the NetBeans 12.6 binaries, as follows:
--
nb16$ find . -type f | grep -i log4j
./extide/ant/lib/ant-apache-log4j.jar
./ide/modules/ext/log4j-1.2.15.jar
--
So, we ship "log41-1.2.15.jar" with the binaries and, quoting the official
source [1]:
"Log4j 1.x is not impacte
Hello,
I use Netbeans 12.6 on Windows server 2016 with OpenJDK 11 and Maven 3.6.3
I've some integration tests written with JUnit that Maven knows how to
launch with failsafe.
I'd like to run integration tests like unitary tests from Netbeans.
I saw that there are project actions "Integration test
10 matches
Mail list logo
