date:20211212

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Steven Smith

Please see https://github.com/macports/macports-ports/pull/13331 > On Dec 12, 2021, at 7:36 AM, Nils Breunese wrote: > > 2. elasticsearch 7.15.2_0 includes log4j-core-2.11.1.jar, which is a > vulnerable version of Log4J 2.x > > https://github.com/elastic/elasticsearch/issues/81618 >

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Eric Gallager via macports-dev

On Sun, Dec 12, 2021 at 3:53 PM Nils Breunese wrote: > > Nils Breunese wrote: > > > Eric Gallager wrote: > > > >> On Sun, Dec 12, 2021 at 4:57 AM Joshua Root wrote: > >>> > >>> On 2021-12-12 20:02 , Nils Breunese wrote: > It could be the case the MacPorts has ports for Java-based

Re: Question about `platforms` and `${os.platform}`

2021-12-12 Thread Daniel J. Luke

On Dec 11, 2021, at 7:42 PM, Jason Liu wrote: > Actually, I find myself needing to use them more and more. For example, I now > often have to check for macOS < 10.12, due to the large overhaul that > happened in AppKit between 10.11 and 10.12. My workarounds for older versions > of macOS are

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Nils Breunese

Nils Breunese wrote: > Eric Gallager wrote: > >> On Sun, Dec 12, 2021 at 4:57 AM Joshua Root wrote: >>> >>> On 2021-12-12 20:02 , Nils Breunese wrote: It could be the case the MacPorts has ports for Java-based applications that include a vulnerable version of the Log4J library. A

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Nils Breunese

Eric Gallager wrote: > On Sun, Dec 12, 2021 at 4:57 AM Joshua Root wrote: >> >> On 2021-12-12 20:02 , Nils Breunese wrote: >>> It could be the case the MacPorts has ports for Java-based applications >>> that include a vulnerable version of the Log4J library. A port that >>> includes a file

Re: Question about `platforms` and `${os.platform}`

2021-12-12 Thread Chris Jones

> On 12 Dec 2021, at 6:51 pm, Jason Liu wrote: > > >> On Sun, Dec 12, 2021 at 3:03 AM Joshua Root wrote: >>> On 2021-12-12 11:54 , Jason Liu wrote: >>> On Sat, Dec 11, 2021 at 6:41 PM Chris Jones >> > wrote: No, because that would render the

Re: Question about `platforms` and `${os.platform}`

2021-12-12 Thread Jason Liu

On Sun, Dec 12, 2021 at 3:03 AM Joshua Root wrote: > On 2021-12-12 11:54 , Jason Liu wrote: > >> On Sat, Dec 11, 2021 at 6:41 PM Chris Jones > > wrote: >> >>> >>> No, because that would render the port non functional on non darwin >>> OSes. You should

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Steven Smith

Please see: https://github.com/macports/macports-ports/pull/13322 > On Dec 12, 2021, at 7:36 AM, Nils Breunese wrote: > > https://github.com/apache/solr/pull/454#issuecomment-991066278 > says: "Just > open your solr.in.sh in

Re: 10.15 Xcode version: Buildbot, vs. GitHub CI

2021-12-12 Thread Christopher Nielsen

> On 2021-12-01-W, at 18:33, Ryan Schmidt wrote: > >> On Dec 1, 2021, at 09:18, Christopher Nielsen wrote: >> >> * Would it be feasible to update our 10.15 buildbot to a newer Xcode >> release? Or are there certain ports/situations that necessitate remaining >> with 11.7? > > Because there

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Nils Breunese

Nils Breunese wrote: > For versions of Log4J 2.x older than these properties are not read yet. (…) I meant to write: For versions of Log4J 2.x older than *2.10* these properties are not read yet, so you can’t use the properties to mitigate the vulnerability if you’re using Log4J < 2.10.

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Nils Breunese

Joshua Root wrote: > On 2021-12-12 20:02 , Nils Breunese wrote: >> It could be the case the MacPorts has ports for Java-based applications that >> include a vulnerable version of the Log4J library. A port that includes a >> file called log4j-$version.jar with $version in the range 2.0.0-2.14.1

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Joshua Root

On 2021-12-12 20:02 , Nils Breunese wrote: It could be the case the MacPorts has ports for Java-based applications that include a vulnerable version of the Log4J library. A port that includes a file called log4j-$version.jar with $version in the range 2.0.0-2.14.1 could be vulnerable. This

Re: Significant security vulnerability discovered in Log4j

2021-12-12 Thread Nils Breunese

Eric Gallager wrote: > On Fri, Dec 10, 2021 at 6:00 PM Jason Liu wrote: >> >> In case everyone hadn't heard the news. If anyone is running Log4j for >> logging on any of your web servers, you might want to read this. >> >> WIRED: 'The Internet Is On Fire' >> A vulnerability in the Log4j

Re: Significant security vulnerability discovered in Log4j

Re: Significant security vulnerability discovered in Log4j

Re: Question about `platforms` and `${os.platform}`

Re: Significant security vulnerability discovered in Log4j

Re: Significant security vulnerability discovered in Log4j

Re: Question about `platforms` and `${os.platform}`

Re: Question about `platforms` and `${os.platform}`

Re: Significant security vulnerability discovered in Log4j

Re: 10.15 Xcode version: Buildbot, vs. GitHub CI

Re: Significant security vulnerability discovered in Log4j

Re: Significant security vulnerability discovered in Log4j

Re: Significant security vulnerability discovered in Log4j

Re: Significant security vulnerability discovered in Log4j

13 matches

Site Navigation

Mail list logo

Footer information