Yes, we are not affected. To get the most updated version you can use the latest SNAPSHOT :)
from mobile (sorry for typos ;)

On Mon, Dec 13, 2021, 04:21 Thomas Scholzen <tschol...@buche17.de> wrote:

> Hi Sebastian,
>
> thank you for your assessment and quick response.
>
> Best regards,
> Thomas
>
>
> On 12.12.21 at 22:05, seba.wag...@gmail.com wrote:
>
> Afaik we are not using the native log4j library. I think the vulnerability is only in the actual log4j.jar file.
>
> log4j-over-slf4j is merely a bridge that mimics log4j APIs in order to redirect the log stream into slf4j without rewriting the existing log4j logging statements. The bridge ensures old dependencies that have not been migrated to SLF4J can work with OpenMeetings.
>
> So OpenMeetings is not using or distributing the native log4j JAR library. Also the Tomcat version we are using that bundles OpenMeetings into a Java Servlet Container is not affected since it's not using the native log4j jar file.
>
> So as far as I can see this vulnerability should not impact OpenMeetings.
>
> However OpenMeetings regularly ships updates with the latest libraries and dependencies, so if you are not using the latest version, you should update. There have been other CVEs fixed in recent versions.
>
> Thanks
> Sebastian
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5 Video-Conferencing OpenMeetings
>
>
> On Mon, 13 Dec 2021 at 07:29, Thomas Scholzen <tschol...@buche17.de> wrote:
>
>> Openmeetings has, among others, the following dependencies:
>>
>> log4j-over-slf4j-1.7.32.jar
>> slf4j-api-1.7.32.jar
>> jcl-over-slf4j-1.7.32.jar
>>
>> Does anyone know, whether these are affected by the log4j vulnerability CVE-2021-44228 and have to be updated?
>>
>> Thanks,
>> Thomas
>>
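One way to check an installation for the distinction discussed in this thread, as an added example that is not part of the original messages or of OpenMeetings: the script looks inside every archive, including JARs nested in a WAR, for the `JndiLookup` class that log4j-core 2.x ships, instead of trusting file names. It assumes that class path is the marker for the native library; the function names and the default scan directory are illustrative.

```python
import io
import sys
import zipfile
from pathlib import Path

# Assumption: presence of this class marks the native log4j-core 2.x library.
# Bridges such as log4j-over-slf4j only provide org/apache/log4j/* API stubs.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label):
    """Return labels of archives (nested ones included) that contain JNDI_CLASS."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_CLASS):
                    # endswith also catches classes unpacked under WEB-INF/classes/
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_SUFFIXES):
                    # WAR and fat-JAR layouts keep libraries as nested archives
                    hits += scan_archive(zf.read(name), f"{label}!/{name}")
    except zipfile.BadZipFile:
        pass  # unreadable or misnamed file: skip it, keep scanning the rest
    return hits


def scan_tree(root):
    """Scan every archive below root, e.g. a servlet container's webapps directory."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            hits += scan_archive(path.read_bytes(), str(path))
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = scan_tree(root)
    for hit in found:
        print("log4j-core JndiLookup class found in:", hit)
    if not found:
        print("no log4j-core JndiLookup class found under", root)
```

An empty result means the class was not found under its original package name; it does not cover copies that a build has relocated into another package.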