Re: [Sikuli-driver] [Question #699868]: High-risk vulnerability in Log4j 2.x --- not used with SikuliX
Question #699868 on SikuliX changed: https://answers.launchpad.net/sikuli/+question/699868 munsey posted a new comment: I also has been face this issue when I used the https://tubbomerchshop.com/ for my further work. -- You received this question notification because your team Sikuli Drivers is an answer contact for SikuliX. ___ Mailing list: https://launchpad.net/~sikuli-driver Post to : sikuli-driver@lists.launchpad.net Unsubscribe : https://launchpad.net/~sikuli-driver More help : https://help.launchpad.net/ListHelp
Re: [Sikuli-driver] [Question #699868]: High-risk vulnerability in Log4j 2.x --- not used with SikuliX
Question #699868 on SikuliX changed: https://answers.launchpad.net/sikuli/+question/699868 Status: Expired => Solved RaiMan changed the question status: definitely no problems with SikuliX -- You received this question notification because your team Sikuli Drivers is an answer contact for SikuliX. ___ Mailing list: https://launchpad.net/~sikuli-driver Post to : sikuli-driver@lists.launchpad.net Unsubscribe : https://launchpad.net/~sikuli-driver More help : https://help.launchpad.net/ListHelp
Re: [Sikuli-driver] [Question #699868]: High-risk vulnerability in Log4j 2.x --- not used with SikuliX
Question #699868 on SikuliX changed: https://answers.launchpad.net/sikuli/+question/699868 Status: Open => Expired Launchpad Janitor expired the question: This question was expired because it remained in the 'Open' state without activity for the last 15 days. -- You received this question notification because your team Sikuli Drivers is an answer contact for SikuliX. ___ Mailing list: https://launchpad.net/~sikuli-driver Post to : sikuli-driver@lists.launchpad.net Unsubscribe : https://launchpad.net/~sikuli-driver More help : https://help.launchpad.net/ListHelp
Re: [Sikuli-driver] [Question #699868]: High-risk vulnerability in Log4j 2.x --- not used with SikuliX
Question #699868 on SikuliX changed: https://answers.launchpad.net/sikuli/+question/699868 Status: Answered => Open Kunal Gajbhiye is still having a problem: Hi, I am using sikulixapi-2.0.5.jar wherein I can see that log4j is being used which is of 1.2.17 version. So i just want to know whether log4j vulnerability issue will impact or not? I have gone thru above answered question but still i am not getting clarity from it so please assist me. -- You received this question notification because your team Sikuli Drivers is an answer contact for SikuliX. ___ Mailing list: https://launchpad.net/~sikuli-driver Post to : sikuli-driver@lists.launchpad.net Unsubscribe : https://launchpad.net/~sikuli-driver More help : https://help.launchpad.net/ListHelp
Re: [Sikuli-driver] [Question #699868]: High-risk vulnerability in Log4j 2.x --- not used with SikuliX
Question #699868 on SikuliX changed: https://answers.launchpad.net/sikuli/+question/699868 Chetan requested more information: as per latest updates A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. This vulnerability, which was discovered by Chen Zhaojun of Alibaba Cloud Security Team, impacts Apache Log4j 2 versions 2.0 to 2.14.1. There are reports from Log4j maintainers that the 1.x series may also vulnerable to this issue when using the JMS Appender class. -- You received this question notification because your team Sikuli Drivers is an answer contact for SikuliX. ___ Mailing list: https://launchpad.net/~sikuli-driver Post to : sikuli-driver@lists.launchpad.net Unsubscribe : https://launchpad.net/~sikuli-driver More help : https://help.launchpad.net/ListHelp
Re: [Sikuli-driver] [Question #699868]: High-risk vulnerability in Log4j 2.x --- not used with SikuliX
Question #699868 on SikuliX changed: https://answers.launchpad.net/sikuli/+question/699868 Summary changed to: High-risk vulnerability in Log4j 2.x --- not used with SikuliX Description changed to: --- information In some dependency of SikuliX log4j is mentioned as a dependency, but the version is 1.2.17. Since the vulnerable version is log4j 2.x, it is correct, that SikuliX neither uses nor depends on the vulnerable log4j. hence nothing to do with respect to SikuliX. --- High-risk vulnerability in Log4j which is being used in sikulixapi 2.0.5 package. Do we have any solution on this or we are safe to use the Sikuli version 2.0.5 ? For reference please check the url - https://www.veracode.com/blog/security-news/urgent-analysis-and- remediation-guidance-log4j-zero-day-rce-cve-2021-44228 Requesting to provide the solution as soon as possible. -- You received this question notification because your team Sikuli Drivers is an answer contact for SikuliX. ___ Mailing list: https://launchpad.net/~sikuli-driver Post to : sikuli-driver@lists.launchpad.net Unsubscribe : https://launchpad.net/~sikuli-driver More help : https://help.launchpad.net/ListHelp