On Wed, Dec 15, 2021 at 2:13 PM Daniel Sahlberg <daniel.l.sahlb...@gmail.com> wrote:
> Hi,
>
> There have been several different requests regarding if Subversion is
> vulnerable to the latest log4j problem. Should we write a new item about
> this for the web site? Several people (Pavel Lyalyakin, Mark Phippard) have
> made valuable comments and I can (with their permission) distil some
> condensed reply.
>
> Kind regards,
> Daniel
>

There is one piece of information that hasn't been mentioned yet. Subversion repository hooks can be written in practically any programming language including Java. I see that there are instructions on the web for writing Java-based hooks that use Log4j as a dependency (google "writing subversion hooks in java"). Users have to examine their hook scripts to ensure that they are not vulnerable.

BTW, you can find the announcement from VisualSVN Team regarding CVE-44228 (Log4Shell) at https://www.visualsvn.com/company/news/visualsvn-products-are-not-affected-by-CVE-2021-44228 .

Thank you!

--
With best regards,
Pavel Lyalyakin
VisualSVN Team
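A first-pass triage for the hook review mentioned in the message above, as an added example that is not part of the original e-mail or of Subversion. It assumes the standard `hooks` directory inside a repository; `scan_hooks` and `build_sample_repo` are hypothetical names, and the sample repository is constructed for the demo.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Class whose presence marks a log4j-core JAR that still ships the JNDI lookup.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAVA_HINT = re.compile(r"\bjava\b|\.jar\b|log4j", re.IGNORECASE)


def scan_hooks(repo: Path) -> list[tuple[str, str]]:
    """Return (relative path, reason) for every hook file that needs review."""
    hooks = repo / "hooks"
    findings = []
    for path in sorted(p for p in hooks.rglob("*") if p.is_file()):
        if path.suffix == ".tmpl":          # stock templates are never executed
            continue
        rel = path.relative_to(repo).as_posix()
        if zipfile.is_zipfile(path):        # JAR stored next to the hook
            with zipfile.ZipFile(path) as jar:
                names = jar.namelist()
            if JNDI_CLASS in names:
                findings.append((rel, "bundles log4j-core JndiLookup class"))
            elif any("log4j" in n.lower() for n in names):
                findings.append((rel, "bundles log4j classes"))
            continue
        text = path.read_text(errors="replace")
        if JAVA_HINT.search(text):          # script that starts a JVM or names a JAR
            findings.append((rel, "hook launches or references Java/log4j"))
    return findings


def build_sample_repo(root: Path) -> Path:
    """Constructed sample repository layout used only for the demo."""
    hooks = root / "repo" / "hooks"
    hooks.mkdir(parents=True)
    (hooks / "pre-commit.tmpl").write_text("#!/bin/sh\n# java example\n")
    (hooks / "pre-commit").write_text('#!/bin/sh\nexec java -jar hooks/check.jar "$@"\n')
    (hooks / "post-commit").write_text("#!/bin/sh\nexit 0\n")
    with zipfile.ZipFile(hooks / "check.jar", "w") as jar:
        jar.writestr(JNDI_CLASS, b"")       # empty stand-in for the real class
    return root / "repo"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_hooks(build_sample_repo(Path(tmp))):
            print(f"{rel}: {reason}")
```

A hit only tells you where to look: JARs referenced from outside the `hooks` directory and the Log4j version in use still have to be checked against the CVE-2021-44228 advisory.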