CVE-2021-44228 log4j vulnerability

2021-12-11 Thread surbhi khandelwal 
Hi

I am using svn, version 1.6.11 (r934486) on rhel 1.6   could you kindly
help me understand if this is vulnerable to the latest java vulnaribility


Httpd version im using is 2.2.15

Looking for your help

Re: ASF Subversion version

2021-12-11 Thread Stefan Sperling 
On Sat, Dec 11, 2021 at 06:59:31AM -0600, Luke Mauldin wrote:
> Does the subversion project receive any funding from the ASF to hire
> professional developers to complete more complex tasks or is development 100%
> community driven and supported?

The ASF does not pay anyone for development. I think this is an unfortunate
situation because many ASF projects slowly die off as funding dries up.
I believe the ASF is unlikely to change this long-standing practice, even
though there are other open source foundations which fund developers.
The FreeBSD and OpenBSD foundations pay some development (see their
financial reports), and apparently a new PHP foundataion is starting up
with the sole purpose of funding PHP developers.

In the past many SVN developers were employed by companies who ran with
business models related to Subversion. This is the funding model the ASF
is promoting. However, as of a few years ago most such companies changed
direction and are no longer employing any SVN developers. Many people have
moved on as a result and are no longer active.

(Disclaimer: I still receive a small amount of indirect SVN-related funding
via elego's SVN customer support. I occasionally use some of this time
to work on various things in Subversion, even though this budget is not
intended to fund development beyond customer-specific issues which can
only be fixed in the code base. And it is not enough to cover complex tasks.)

Re: ASF Subversion version

2021-12-11 Thread Luke Mauldin 
Does the subversion project receive any funding from the ASF to hire 
professional developers to complete more complex tasks or is development 100% 
community driven and supported?

> On Dec 11, 2021, at 4:10 AM, Daniel Sahlberg  
> wrote:
> 
> 
> 
> 
> Den lör 11 dec. 2021 10:54Bo Berglund  skrev:
>> On Fri, 10 Dec 2021 07:59:02 -0600, Luke Mauldin  
>> wrote:
>> 
>> >Gotcha, thank you.
>> >
>> >> On Dec 10, 2021, at 7:14 AM, Mark Phippard  wrote:
>> >> 
>> >> ?On Fri, Dec 10, 2021 at 8:12 AM Luke Mauldin  
>> >> wrote:
>> >>> 
>> >>> I noticed that the ASF is still running Subversion 1.9.x which was 
>> >>> released quite a few years ago. Does anyone know why they haven’t at 
>> >>> least upgraded to the 10.x LTS release which itself is over 2 years old 
>> >>> at this point?
>> >> 
>> >> ASF Infra uses the package provided by the Linux distro they are using
>> >> rather than building and maintaining their own package.
>> >> 
>> 
>> Why is a constrruction company involved in Subversion?
>> 
>> http://www.asfinfrastructure.com/about-us.php
>> 
>> Strange
> 
> 
> ASF Infra is the group within Apache Software Foundation that is managing the 
> infrastructure, ie servers and network. 
> 
> Kind regards 
> Daniel

Re: ASF Subversion version

2021-12-11 Thread Daniel Sahlberg 
Den lör 11 dec. 2021 10:54Bo Berglund  skrev:

> On Fri, 10 Dec 2021 07:59:02 -0600, Luke Mauldin 
> wrote:
>
> >Gotcha, thank you.
> >
> >> On Dec 10, 2021, at 7:14 AM, Mark Phippard  wrote:
> >>
> >> ?On Fri, Dec 10, 2021 at 8:12 AM Luke Mauldin 
> wrote:
> >>>
> >>> I noticed that the ASF is still running Subversion 1.9.x which was
> released quite a few years ago. Does anyone know why they haven’t at least
> upgraded to the 10.x LTS release which itself is over 2 years old at this
> point?
> >>
> >> ASF Infra uses the package provided by the Linux distro they are using
> >> rather than building and maintaining their own package.
> >>
>
> Why is a constrruction company involved in Subversion?
>
> http://www.asfinfrastructure.com/about-us.php
>
> Strange
>

ASF Infra is the group within Apache Software Foundation that is managing
the infrastructure, ie servers and network.

Kind regards
Daniel

Re: ASF Subversion version

2021-12-11 Thread Bo Berglund 
On Fri, 10 Dec 2021 07:59:02 -0600, Luke Mauldin  wrote:

>Gotcha, thank you.
>
>> On Dec 10, 2021, at 7:14 AM, Mark Phippard  wrote:
>> 
>> ?On Fri, Dec 10, 2021 at 8:12 AM Luke Mauldin  wrote:
>>> 
>>> I noticed that the ASF is still running Subversion 1.9.x which was released 
>>> quite a few years ago. Does anyone know why they haven’t at least upgraded 
>>> to the 10.x LTS release which itself is over 2 years old at this point?
>> 
>> ASF Infra uses the package provided by the Linux distro they are using
>> rather than building and maintaining their own package.
>> 

Why is a constrruction company involved in Subversion?

http://www.asfinfrastructure.com/about-us.php

Strange

-- 
Bo Berglund
Developer in Sweden