Re: [topbraid-users] Log4j ?

Hmmm, does that hold even if TBC is connected to a Git repository? On Friday, December 17, 2021 at 5:35:00 AM UTC-5 Richard Cyganiak wrote: > To be vulnerable to Log4shell exploits, a system must accept remote > connections, accept some sort of input provided by the remote client, and > log th

[topbraid-users] Re: Log4j ?

Apache Jena Fuseki is affected (and there's a fix release - 4.3.1). Apache Jena libraries use a logging facade and the libraries don't ship or depend on log4j2 - the user/application adds the logging of choice. Beware that parse errors from data read in may cause a logging message. This include

Re: [topbraid-users] Log4j ?

To be vulnerable to Log4shell exploits, a system must accept remote connections, accept some sort of input provided by the remote client, and log that input through Log4j. TBC refuses remote requests without logging any client-provided input through Log4j, and is therefore not vulnerable, accor

[topbraid-users] Log4j ?

Dear TQ We are asked by our management to check own-installed software on our systems for Apache Log4j issue vulnerability. Can you say something about that for TBC? (knowing that Jena is on the list (log4shell/software at main * NCSC-NL/log4shell (github.com)