[Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?
Tom Hanstra
hanstra at nd.edu
Sat Dec 11 08:57:49 EST 2021
Right, it is bad. I'm digging around at everything this morning looking for
places that might be vulnerable.
There are a couple of gems in the gems directory which use older versions
of log4j (ladle-0.2.0-java, mizuno-0.6.11). No idea where those come into
play with the overall software.
Tom
On Sat, Dec 11, 2021 at 8:46 AM Blake Carver <blake.carver at lyrasis.org>
wrote:
> Almost certainly not, there's no absolutes in this stuff, but from
> everything I've read it's currently not vulnerable.
>
> This is a bad vulnerability, log4j is all over the place.
> ------------------------------
> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Tom
> Hanstra <hanstra at nd.edu>
> *Sent:* Saturday, December 11, 2021 8:21 AM
> *To:* Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> *Subject:* [Archivesspace_Users_Group] log4j vulnerability in
> ArchivesSpace?
>
> There is a lot of buzz right now about the log4j exploit being used
> against Java applications. Does anyone know if ArchivesSpace is vulnerable
> to these exploits?
>
> Tom
> --
> *Tom Hanstra*
> *Sr. Systems Administrator*
> hanstra at nd.edu
>
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>
--
*Tom Hanstra*
*Sr. Systems Administrator*
hanstra at nd.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20211211/270fceab/attachment.html>
More information about the Archivesspace_Users_Group
mailing list