Kea-users, The Kea code from ISC does not contain any Java and does not link to Log4J. However, Stork users might be interested to know that the Swagger API generator does use Log4J in a test function. Normal usage of Stork does not expose the deployment to this vulnerability.
In an unrelated note, Grafana, also used by Stork for data visualization, has a recent 0-day vulnerability. (https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p) Stork bundles Grafana in the included Stork demo, which should not be used in production. In any case, Stork users who are also using Grafana should follow Grafana for vulnerability updates. Regards, Vicky Risk, Product Manager _______________________________________________ ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
