[Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

Steele, Henry Henry.Steele at tufts.edu
Tue Dec 14 11:25:06 EST 2021


It uses JRuby

On Dec 14, 2021, at 11:19 AM, Steele, Henry <Henry.Steele at tufts.edu> wrote:

 I’m not sure who supports this now—HM?—, but I wanted to check about the Yale EAD exporter’s potential vulnerability.   It’s a plug-in but also has a stand alone application




On Dec 13, 2021, at 2:01 PM, Blake Carver <blake.carver at lyrasis.org> wrote:


Nope, older versions should be safe as well.
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Steele, Henry <Henry.Steele at tufts.edu>
Sent: Monday, December 13, 2021 1:52 PM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?


Are people on earlier versions of ArchivesSpace , e.g. 2.7.1 that use archivesspace’s internal solr vulnerable?



From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> On Behalf Of Peter Heiner
Sent: Saturday, December 11, 2021 9:00 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?



While ArchivesSpace itself might not be vulnerable, those who run an extrrnal Solr instance should be aware that it itself may be, see https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 for more information and some possible workarounds.



p

________________________________

From: archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org> <archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org>> on behalf of Tom Hanstra <hanstra at nd.edu<mailto:hanstra at nd.edu>>
Sent: 11 December 2021 13:21
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org<mailto:archivesspace_users_group at lyralists.lyrasis.org>>
Subject: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?



There is a lot of buzz right now about the log4j exploit being used against Java applications. Does anyone know if ArchivesSpace is vulnerable to these exploits?



Tom

--

Tom Hanstra

Sr. Systems Administrator

hanstra at nd.edu<mailto:hanstra at nd.edu>



[https://docs.google.com/uc?export=download&id=1GFX1KaaMTtQ2Kg2u8bMXt1YwBp96bvf0&revid=0B7APN9POn6xAQ244WWFYMFU3aVJwZ0lxbmVHK3FxNXlCd0RRPQ]

_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group at lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20211214/1530916d/attachment.html>


More information about the Archivesspace_Users_Group mailing list