True, but David claims it is... *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| *
*|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* On Tue, Jan 18, 2022 at 3:52 PM Seymour J Metz <sme...@gmu.edu> wrote: > > all RSU levels are the same > > No. The HOLDDATA change multiple times between levels. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf > of Itschak Mugzach [00000305158ad67d-dmarc-requ...@listserv.ua.edu] > Sent: Tuesday, January 18, 2022 2:28 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: More of LOG4J > > Thanks David, > > > 1. Even if you are right about the version numbers, we still have 5 > different versions here. > 2. Your claim about the sub-version is interesting. So Z/OS 2.4, just > fir example, all RSU levels are the same. I don't think so, and so do > the > NVD administrators. Read the range of the affected versions. it includes > all three levels. > 3. I am sure your company does a great job with versioning. > 4. The major issue with open source is that there is no formal life > cycle. Usually it is a vendor product that you need to completely > upgrade > instead of installing a PTF. See your offering such as BASH. It is > downloaded and installed. no service exists. Do you expect the user to > check every day if there is a new version? > > ITschak > > *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere > Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux > and IBM I **| * > > *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* > *Skype**: ItschakMugzach **|* *Web**: > http://secure-web.cisco.com/18jw22Iixgzti-EBXxg6vWn0F3OY5r5Gp8oO1oKVHF5_kUxYP1KB7fHFTQdXVgRIeqX1IuucbHKPxPh8qqPDIldAePAQO89Ts1FThaNo1aodm8nKlD6m8R4wK0QI6pUXAo4hOsFR815-StTt-LTTZ735ZXz_RuNKLZtfxB8QQkfnB-8g344vQzERl9qrJDSQsY90UFWKSPDnUa226Pjj1nnz32kG9-AvqTg5hQItx21pE7AUvWL1XppaTzIHS9tR0O6BXhjnPGf1R1fEJPuF7Zn1dSfoGN-qoYaUD4DCjy5bsttJT1aN9gLyUg-EhqewCDPIxtOMDjzIUmfVNpBNZjQPOCKAd5d6y42XB8tpi8FC9MAnBdaY_t315WjDsQtj7B_IBDRX60triI3xvhNq1cPstw0g1DWw2pgFBvmqIx0Or1TEUc7xrwv9zv-x0dPXR/http%3A%2F%2Fwww.Securiteam.co.il > **|* > > > > > > On Tue, Jan 18, 2022 at 4:52 AM David Crayford <dcrayf...@gmail.com> > wrote: > > > On 17/1/22 10:34 pm, ITschak Mugzach wrote: > > > Hi, > > > > > > We took the time to dive into the wider issue of open source and z/os. > > USS > > > is a scary jungle! > > > > Only to the ignorant. > > > > > > > > > > Without many details on the how, we discovered that on our z/os 2.3 > there > > > are 19 (!) different versions of Apache Ant: 1.5.3, 1.6.2, 1.6.5, > 1.7.0, > > > 1.7.1, 1.8.0, 1.8.1, 1.8.2, 1.8.2, 1.8.2, 1.8.3 ,1.8.4, 1.9.0, 1.9.2, > > 1.9.3 > > > ,1.9.4, 1.9.6 ,1.9.7, 1.9.8 used by 1000 plus jar files and sharing 4 > > CVEs. > > > > I take it you don't understand the concept of semantic versioning. Those > > are not all different versions, the last digit is the patch. We do this > > in our (mainframe) products too. > > In fact, we go further and add the Git commit hash to the version > > message so we can track the version the customer is running down to a > > line of code. > > > > Apache Ant is a build system and not part of a runtime. I don't share > > your concerns. > > > > > > > > > > Nice divers... and as others may say "What you don't know doesn't hurt > > you". > > > > > > ITschak > > > > > > ITschak Mugzach > > > *|** IronSphere Platform* *|* *Information Security Continuous > Monitoring > > > for z/OS, x/Linux & IBM I **| z/VM coming soon * > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN