Hi Peter,
first of all to be clear, you ask about a 6 year old version of Apache
Directory Studio, correct?
I looked into that jar, it's the Apache Ant Log4 Listener only. The
log4j library itself is not included (neither in version 1 nor 2).
```
$ unzip -l
./plugins/org.apache.ant_1.9.2.v201404171502/lib/ant-apache-log4j.jar
Archive:
./plugins/org.apache.ant_1.9.2.v201404171502/lib/ant-apache-log4j.jar
Length Date Time Name
--------- ---------- ----- ----
0 2013-07-08 20:17 META-INF/
432 2013-07-08 20:17 META-INF/MANIFEST.MF
0 2013-07-08 20:16 org/
0 2013-07-08 20:16 org/apache/
0 2013-07-08 20:17 org/apache/tools/
0 2013-07-08 20:17 org/apache/tools/ant/
0 2013-07-08 20:17 org/apache/tools/ant/listener/
3446 2013-07-08 20:17
org/apache/tools/ant/listener/Log4jListener.class
15289 2013-07-08 20:16 META-INF/LICENSE.txt
218 2013-07-08 20:16 META-INF/NOTICE.txt
--------- -------
19385 10 files
```
Kind regards,
Stefan
On 12/21/21 18:41, [email protected] wrote:
Hello,
could you please give us a short information if Apache Directory Studio is
prone to CVE-2021-44228.
We have seen that a log4j is included
./Apache Directory
Studio\plugins\org.apache.ant_1.9.2.v201404171502\lib\ant-apache-log4j.jar
But we don't know if it has any impact in respect to the security issue.
Best regards,
Peter Brodt
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
