Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Eclipse and log4j2 vulnerability (CVE-2021-44228)
Revision as of 09:32, 14 December 2021 by Denis.roy.eclipse-foundation.org (Talk | contribs) (Merge edit by Vishal sharnagat.in.ibm.com)
Project | Version | Status | Comment | |
---|---|---|---|---|
Eclipse SDK | *.*.* | Not Vulnerable | Eclipse SDK does not use log4j | |
JGit | 1.0-5.13.0,6.0.0 | Not Vulnerable | org.eclipse.jgit.pgm uses log4j 1.2.15 | |
EGit | 1.0-5.13.0,6.0.0 | Not Vulnerable | EGit does not use log4j | |
Jetty | *.*.* | Not Vulnerable | Blog: Jetty & Log4j2 exploit CVE-2021-44228 | |
StatET | *.*.* | Not Vulnerable | ||
Web Tools Platform | *.*.* | Not Vulnerable | log4j 1.2.15 is used in an unused dependency in a single test plug-in | |
Scout Runtime | 10.x - 22.x | Not Vulnerable | ||
Eclipse Hawk | *.*.* | Not Vulnerable | ||
Eclipse Theia | *.*.* | Not Vulnerable | ||
Eclipse Dash | *.*.* | Not Vulnerable | ||
Linux Tools | *.*.* | Not Vulnerable | ||
Linux Tools | *.*.* | Not Vulnerable | ||
Eclipse JKube | *.*.* | Not Vulnerable | Eclipse JKube does not use log4j | |
Eclipse Process Framework | *.*.* | Not Vulnerable | log4j 1.2.15 is used |