RE: Is FOP impacted by the Log4shell vulnerability?

2021-12-14 Thread Simon Steiner
Hi, We don’t include log4j. Thanks -Original Message- From: Bryan K. Walton Sent: 13 December 2021 14:41 To: fop-users@xmlgraphics.apache.org Subject: Is FOP impacted by the Log4shell vulnerability? Hi, is Apache FOP susceptible to the Log4shell vulnerability that is making

Is FOP impacted by the Log4shell vulnerability?

2021-12-14 Thread Bryan K. Walton
Hi, is Apache FOP susceptible to the Log4shell vulnerability that is making the rounds right now? Thanks! Bryan Walton - To unsubscribe, e-mail: fop-users-unsubscr...@xmlgraphics.apache.org For additional commands, e-mail:

Re: Is FOP impacted by the Log4shell vulnerability?

2021-12-13 Thread Jon Schewe
mber 2021 16:40To: fop-users@xmlgraphics.apache.org > Subject: Re: Is FOP impacted by the Log4shell vulnerability? > Hi all, > I'm using FOP from my application but in command mode (just launching > fop.bat or through powsershell). The swiss government IT asks me if > my application co

RE: Is FOP impacted by the Log4shell vulnerability?

2021-12-13 Thread simonsteiner1984
Hi, The binary/zip release doesn’t include log4j, for maven you should check mvn dependency:tree Thanks -Original Message- From: Jean-Pierre Lamon Sent: 13 December 2021 16:40 To: fop-users@xmlgraphics.apache.org Subject: Re: Is FOP impacted by the Log4shell vulnerability? Hi all

Re: Is FOP impacted by the Log4shell vulnerability?

2021-12-13 Thread Jean-Pierre Lamon
Hi all, I'm using FOP from my application but in command mode (just launching fop.bat or through powsershell). The swiss government IT asks me if my application could be vulnerable. What must be my response? My future in jail or not depends on your response ;-) Thx JP Le 13.12.2021 à

Re: Is FOP impacted by the Log4shell vulnerability?

2021-12-13 Thread Bryan K. Walton
On Mon, Dec 13, 2021 at 03:02:22PM +, Matt Kynaston wrote: > >From what I can tell (I just use the library) it doesn't depend on log4j > itself. However, given that the library is typically included in other > applications and that may well use a vulnerable version, your best bet is > to check

Re: Is FOP impacted by the Log4shell vulnerability?

2021-12-13 Thread Matt Kynaston
>From what I can tell (I just use the library) it doesn't depend on log4j itself. However, given that the library is typically included in other applications and that may well use a vulnerable version, your best bet is to check the actual jars / wars with a tool like at

Is FOP impacted by the Log4shell vulnerability?

2021-12-13 Thread Bryan K. Walton
Hi, is Apache FOP susceptible to the Log4shell vulnerability that is making the rounds right now? Thanks! Bryan Walton - To unsubscribe, e-mail: fop-users-unsubscr...@xmlgraphics.apache.org For additional commands, e-mail: