[haiku-sysadmin] Re: HDS and Log4J Vulnerability

• From: "Andrew Lindesay" <apl@xxxxxxxxxxxxxx>
• To: haiku-sysadmin@xxxxxxxxxxxxx
• Date: Wed, 15 Dec 2021 06:43:36 +1300

All versions of the JVM are now impacted, bypasses have been found. Do
any dependencies of HDS use Log4J?

Hello Augustine;

The application uses a different logging infrastructure called `logback` on top 
of an API called `slf4j`.  You can see below that  the only dependencies relate 
to directing `log4j` traffic into the `slf4j` API;

mvn dependency:tree | grep log4j

[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile
[INFO] |  +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile
[INFO] |  +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile

Regards.

• References:
  • [haiku-sysadmin] HDS and Log4J Vulnerability
    • From: Andrew Lindesay
  • [haiku-sysadmin] Re: HDS and Log4J Vulnerability
    • From: Alexander von Gluck IV
  • [haiku-sysadmin] Re: HDS and Log4J Vulnerability
    • From: Mr. waddlesplash

Other related posts:

• » [haiku-sysadmin] HDS and Log4J Vulnerability- Andrew Lindesay
• » [haiku-sysadmin] Re: HDS and Log4J Vulnerability- Alexander von Gluck IV
• » [haiku-sysadmin] Re: HDS and Log4J Vulnerability- Mr. waddlesplash
• » [haiku-sysadmin] Re: HDS and Log4J Vulnerability - Andrew Lindesay

1. Home
2. haiku-sysadmin
3. Archive
4. 12-2021

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---