Hi all, A severe vulnerability was recently discovered in log4j (CVE-2021-44228), which allows remote code execution:
https://www.lunasec.io/docs/blog/log4j-zero-day/ Code.wireshark.org was running Gerrit 2.14.11, which includes log4j 1.2.17, which appears to be vulnerable to this issue: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 Our Gerrit instance was scheduled to be decommissioned on February 23rd, but given the potential severity of the issue I did so a few minutes ago. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
