Re: Log4j vulnerability

2021-12-17 Thread Alonso Del Arte
On Fri, Dec 17, 2021 at 10:18 AM Jason Abreu wrote:
> A cursory file search in my NetBeans 12.6 folder shows "log4j-1.2.15.jar"
> in the "netbeans\ide\modules\ext" path.
>
> The vulnerability only seems to be in log4j versions 2+ so I don't think
> there is anything to worry about with the NetBea

Re: Log4j vulnerability

2021-12-17 Thread Jason Abreu
A cursory file search in my NetBeans 12.6 folder shows "log4j-1.2.15.jar" in the "netbeans\ide\modules\ext" path.
The vulnerability only seems to be in log4j versions 2+ so I don't think there is anything to worry about with the NetBeans IDE, itself.
- Jason
On 12/15/21 2:13 PM, Mike Hallan

Re: Log4j vulnerability

2021-12-15 Thread Carl Mosca
Log4j-core
On Wed, Dec 15, 2021 at 7:07 PM Alonso Del Arte wrote:
> Excellent question. I hope not. I'll check if there's been any discussion
> in the Slack...
>
> On Wed, Dec 15, 2021 at 2:13 PM Mike Hallan
> wrote:
>
>> Does Netbeans Platform at any level use Log4j? I was thinking maybe the
>

Re: Log4j vulnerability

2021-12-15 Thread Scott Palmer
Also consider if NetBeans Platform apps are likely to be in a situation where malicious input is possible to exploit the vulnerability in the first place. I suppose if the update centre or start page content were hacked it could be a vector to get malicious input into the NB logging. So the ma

Re: Log4j vulnerability

2021-12-15 Thread Alonso Del Arte
Excellent question. I hope not. I'll check if there's been any discussion in the Slack...
On Wed, Dec 15, 2021 at 2:13 PM Mike Hallan wrote:
> Does Netbeans Platform at any level use Log4j? I was thinking maybe the
> logging module may, if not use it, then be based on it.
>
> Are applications bu