<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
It uses JRuby<br>
<div dir="ltr"><br>
<blockquote type="cite">On Dec 14, 2021, at 11:19 AM, Steele, Henry <Henry.Steele@tufts.edu> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr"> I’m not sure who supports this now—HM?—, but I wanted to check about the Yale EAD exporter’s potential vulnerability.   It’s a plug-in but also has a stand alone application <br>
<div dir="ltr"><br>
</div>
<br>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
<blockquote type="cite">On Dec 13, 2021, at 2:01 PM, Blake Carver <blake.carver@lyrasis.org> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Nope, older versions should be safe as well.</div>
<div>
<div id="Signature">
<div>
<div id="divtagdefaultwrapper" dir="ltr" style="color:rgb(0,0,0); background-color:rgb(255,255,255)">
</div>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> archivesspace_users_group-bounces@lyralists.lyrasis.org <archivesspace_users_group-bounces@lyralists.lyrasis.org> on behalf of Steele, Henry
 <Henry.Steele@tufts.edu><br>
<b>Sent:</b> Monday, December 13, 2021 1:52 PM<br>
<b>To:</b> Archivesspace Users Group <archivesspace_users_group@lyralists.lyrasis.org><br>
<b>Subject:</b> Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?</font>
<div> </div>
</div>
<style>
<!--
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif}
a:link, span.x_MsoHyperlink
        {color:blue;
        text-decoration:underline}
span.x_EmailStyle19
        {font-family:"Calibri",sans-serif;
        color:windowtext}
.x_MsoChpDefault
        {font-size:10.0pt}
@page WordSection1
        {margin:1.0in 1.0in 1.0in 1.0in}
div.x_WordSection1
        {}
-->
</style>
<div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="x_WordSection1">
<p class="x_MsoNormal">Are people on earlier versions of ArchivesSpace , e.g. 2.7.1 that use archivesspace’s internal solr vulnerable?</p>
<p class="x_MsoNormal"> </p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_MsoNormal"><b>From:</b> archivesspace_users_group-bounces@lyralists.lyrasis.org <archivesspace_users_group-bounces@lyralists.lyrasis.org>
<b>On Behalf Of </b>Peter Heiner<br>
<b>Sent:</b> Saturday, December 11, 2021 9:00 AM<br>
<b>To:</b> Archivesspace Users Group <archivesspace_users_group@lyralists.lyrasis.org><br>
<b>Subject:</b> Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?</p>
</div>
</div>
<p class="x_MsoNormal"> </p>
<div>
<p class="x_MsoNormal">While ArchivesSpace itself might not be vulnerable, those who run an extrrnal Solr instance should be aware that it itself may be, see <a href="https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228">https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228</a>
 for more information and some possible workarounds.</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">p</p>
</div>
<div class="x_MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="x_divRplyFwdMsg">
<p class="x_MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black">
<a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org">archivesspace_users_group-bounces@lyralists.lyrasis.org</a> <<a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org">archivesspace_users_group-bounces@lyralists.lyrasis.org</a>>
 on behalf of Tom Hanstra <<a href="mailto:hanstra@nd.edu">hanstra@nd.edu</a>><br>
<b>Sent:</b> 11 December 2021 13:21<br>
<b>To:</b> Archivesspace Users Group <<a href="mailto:archivesspace_users_group@lyralists.lyrasis.org">archivesspace_users_group@lyralists.lyrasis.org</a>><br>
<b>Subject:</b> [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?</span>
</p>
<div>
<p class="x_MsoNormal"> </p>
</div>
</div>
<div>
<div>
<div>
<p class="x_MsoNormal">There is a lot of buzz right now about the log4j exploit being used against Java applications. Does anyone know if ArchivesSpace is vulnerable to these exploits? </p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">Tom</p>
</div>
<p class="x_MsoNormal">-- </p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="x_MsoNormal"><b><span style="font-size:9.5pt; font-family:"Arial",sans-serif; color:#888888">Tom Hanstra</span></b></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="x_MsoNormal"><i><span style="font-size:9.5pt; font-family:"Arial",sans-serif; color:#888888">Sr. Systems Administrator</span></i><span style="font-size:9.5pt; color:#888888"></span></p>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:9.5pt; color:#888888"><a href="mailto:hanstra@nd.edu" target="_blank"><span style="font-family:"Arial",sans-serif; color:#1155CC">hanstra@nd.edu</span></a></span></p>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:9.5pt; color:#888888"> </span></p>
</div>
</div>
<div>
<p class="x_MsoNormal"><span style="font-size:9.5pt; color:#888888"><img border="0" width="276" height="30" id="x__x0000_i1026" style="width:2.875in; height:.3125in" src="https://docs.google.com/uc?export=download&id=1GFX1KaaMTtQ2Kg2u8bMXt1YwBp96bvf0&revid=0B7APN9POn6xAQ244WWFYMFU3aVJwZ0lxbmVHK3FxNXlCd0RRPQ" data-unique-identifier=""></span><span style="font-size:9.5pt; color:#888888"></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<span>_______________________________________________</span><br>
<span>Archivesspace_Users_Group mailing list</span><br>
<span>Archivesspace_Users_Group@lyralists.lyrasis.org</span><br>
<span>http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group</span><br>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>