Hi!

While DSpace 5.x and 6.x are safe from the latest log4j vulnerability, 
this got my attention: 
https://nsfocusglobal.com/apache-log4j-deserialization-remote-code-execution-cve-2019-17571-vulnerability-threat-alert/
No updates in log4j v1.x mean no fix to this issue. Has anyone happened to 
dig into this and see if this vulnerability affects DSpace? And if so, any 
mitigations or means available to fix this issue?

Thanks in advance! Keep up the good work everyone o/

-- Antti


On Monday, December 13, 2021 at 7:32:10 PM UTC+2 [email protected] 
wrote:

> It is part of v5, but I believe the delivered version is ok since it is 
> pre-vulnerability.
>
> -Dale
>
> *From:* [email protected] <[email protected]> *On Behalf 
> Of *Sarah Butash
> *Sent:* Monday, December 13, 2021 10:55 AM
> *To:* [email protected]
> *Subject:* [dspace-tech] Log4J Vulnerability
>
> Hello,
>
> Our Security team has asked us to follow up to determine if Log4J is a 
> part of the build of DSpace v5, which I believe it is. Can you confirm? Do 
> you have a mitigation strategy for this issue?
>
> Thank you!
>
> Sarah
>
> -- 
> Sarah Butash
> she / her
> Library Systems Analyst, OU Libraries
> Kresge Library, Room 227
> 100 Library Drive, Rochester, MI 48309-4479
> Phone: 248-370-2368

-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/f70b2f5c-fd76-41d6-9344-4965de139550n%40googlegroups.com.
