Send netdisco-users mailing list submissions to
netdisco-users@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
netdisco-users-requ...@lists.sourceforge.net
You can reach the person managing the list at
netdisco-users-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. CVE-2021-44228, log4j, Dancer, Apache2 (o...@leferguson.com)
2. Re: CVE-2021-44228, log4j, Dancer, Apache2 (Christian Ramseyer)
3. Re: CVE-2021-44228, log4j, Dancer, Apache2 (o...@leferguson.com)
--- Begin Message ---
I have been running Netdisco for ages under apache, but I honestly do not know
if dancer is still under the covers somewhere or how to check.
Is there any info on ensuring that Netdisco (+/- dancer) either does not have
this vulnerability or has been mitigated (and how/what-version)?
Linwood
--- End Message ---
--- Begin Message ---
Hi Linwood
Netdisco and Dancer is pure Perl only and does not use Log4j, so nothing
to worry about.
You might see the log4j-inspired Log4Perl library as a dependency in
some places, but it is not so closely related as that it would share the
vulnerability.
Cheers
Christian
On 12.12.21 15:46, o...@leferguson.com wrote:
> I have been running Netdisco for ages under apache, but I honestly do
> not know if dancer is still under the covers somewhere or how to check.
>
>
>
> Is there any info on ensuring that Netdisco (+/- dancer) either does not
> have this vulnerability or has been mitigated (and how/what-version)?
>
>
--- End Message ---
--- Begin Message ---
One less to worry about. Thank you.
-----Original Message-----
From: Christian Ramseyer <ramse...@netnea.com>
Sent: Sunday, December 12, 2021 1:19 PM
To: o...@leferguson.com; netdisco-users@lists.sourceforge.net
Subject: Re: [Netdisco] CVE-2021-44228, log4j, Dancer, Apache2
Hi Linwood
Netdisco and Dancer is pure Perl only and does not use Log4j, so nothing to
worry about.
You might see the log4j-inspired Log4Perl library as a dependency in some
places, but it is not so closely related as that it would share the
vulnerability.
Cheers
Christian
On 12.12.21 15:46, o...@leferguson.com wrote:
> I have been running Netdisco for ages under apache, but I honestly do
> not know if dancer is still under the covers somewhere or how to check.
>
>
>
> Is there any info on ensuring that Netdisco (+/- dancer) either does
> not have this vulnerability or has been mitigated (and how/what-version)?
>
>
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users
