[haiku-sysadmin] Re: HDS and Log4J Vulnerability
- From: "Andrew Lindesay" <apl@xxxxxxxxxxxxxx>
- To: haiku-sysadmin@xxxxxxxxxxxxx
- Date: Wed, 15 Dec 2021 06:43:36 +1300
> All versions of the JVM are now impacted; bypasses have been found. Do
> any dependencies of HDS use Log4J?

Hello Augustine;
The application uses a different logging infrastructure called `logback` on top
of an API called `slf4j`. You can see below that the only dependencies relate
to directing `log4j` traffic into the `slf4j` API;

    mvn dependency:tree | grep log4j
    [INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile
    [INFO] | +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile
    [INFO] | +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile

Regards.
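
The following is an added example, not part of the original message and not HDS code. It shows why a plain `grep log4j` over `mvn dependency:tree` output needs interpreting: it parses the Maven coordinates and separates bridge artifacts such as `log4j-over-slf4j` from artifacts that ship a Log4j implementation. The function name, verdict labels and the last two sample lines are assumptions constructed for illustration.

```python
import re
import sys

# Match a grep for "log4j" but only redirect Log4j API calls to slf4j;
# they contain no Log4j logging implementation.
BRIDGES = {
    ("org.slf4j", "log4j-over-slf4j"),               # Log4j 1.x API -> slf4j (this thread)
    ("org.apache.logging.log4j", "log4j-to-slf4j"),  # Log4j 2 API -> slf4j
}
# Ship an actual Log4j implementation; the version needs checking against advisories.
IMPLEMENTATIONS = {
    ("org.apache.logging.log4j", "log4j-core"),  # Log4j 2
    ("log4j", "log4j"),                          # Log4j 1.x
}
# Maven coordinate: group:artifact:type[:classifier]:version[:scope]
COORD = re.compile(r"[^\s:]+(?::[^\s:]+){3,5}")

def classify(tree_output):
    """Return sorted unique (group, artifact, version, verdict) for log4j-named deps."""
    found = set()
    for line in tree_output.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        parts = match.group(0).split(":")
        group, artifact = parts[0], parts[1]
        if "log4j" not in group + ":" + artifact:
            continue
        # With a scope present the version is second to last; the root line has no scope.
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        if (group, artifact) in BRIDGES:
            verdict = "bridge"
        elif (group, artifact) in IMPLEMENTATIONS:
            verdict = "implementation"
        else:
            verdict = "review"  # unknown log4j-named artifact, inspect by hand
        found.add((group, artifact, version, verdict))
    return sorted(found)

# First two lines are from the message above; the last two are constructed
# sample input and do not describe the HDS build.
SAMPLE = """\
[INFO] +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile
[INFO] | +- org.slf4j:log4j-over-slf4j:jar:1.7.28:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- org.slf4j:slf4j-log4j12:jar:1.7.28:runtime
"""

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for row in classify(text):
        print(*row)
```

Piping real `mvn dependency:tree` output into the script classifies that build instead of the embedded sample.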