On 28 Dec 2021, at 11:16 am, Aaron Rosenzweig wrote:
> Should we upgrade the Wonder jars to v2.16?
We could (and it's 2.17 now!), and Henrique mentioned on Slack he would take a
look at this. Unfortunately it's more complicated than just bumping version
numbers:
Should we upgrade the Wonder jars to v2.16?
I realize they are currently on v1.x which isn’t affected by the latest
stirrings on the inter webs but maybe this is a good time to move it forward?
v1.x has a small number of vulnerabilities of its own, though most people
aren’t affected by them
Just to update this:
On 14 Dec 2021, at 12:07, Paul Hoadley via Webobjects-dev
wrote:
> * In any case, if you're definitely using Log4J 2 (we are—I went to some
> effort months ago to set it up!), you can mitigate the issue immediately by
> re-launching all instances with
Hi Paul, hi Ken,
thank you so much for the info!!!
I use only Wonder, and the only Log4J I see in the class path is
log4j-1.2.17 from ERJar, so I think is ok.
Thanks again!!!
*Daniele Corti - **IT*
VINATI Srl
rs.dani...@vinati.com
tel: +39 030 2532813
fax: +39 030 2532814
Hello,
On 13 Dec 2021, at 20:56, Daniele Corti via Webobjects-dev
wrote:
> Today the vulnerability CVE-2021-44228 details (log4j) are out and looks like
> all log4j versions are affected!
>
> I’ve seen many attempt on the logs of the servers, but I was not able to
> understand if also my
The vulnerability is only log4j 2
> On Dec 13, 2021, at 05:26, Daniele Corti via Webobjects-dev
> wrote:
>
>
> Hi List!
> Today the vulnerability CVE-2021-44228 details (log4j) are out and looks like
> all log4j versions are affected!
>
> I’ve seen many attempt on the logs of the servers,
Hi List!
Today the vulnerability CVE-2021-44228 details (log4j) are out and looks
like all log4j versions are affected!
I’ve seen many attempt on the logs of the servers, but I was not able to
understand if also my ERJar which contains the log4j-1.2.17 is affected.
Anyone was able to check if