sikuli-driver team mailing list archive

Thread
Date

Re: [Question #699868]: High-risk vulnerability in Log4j 2.x --- not used with SikuliX

To: sikuli-driver@xxxxxxxxxxxxxxxxxxx
From: RaiMan <question699868@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Dec 2021 12:30:55 -0000
Reply-to: question699868@xxxxxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Question #699868 on SikuliX changed:
https://answers.launchpad.net/sikuli/+question/699868

Summary changed to:
High-risk vulnerability in Log4j 2.x --- not used with SikuliX

Description changed to:
------------------- information

In some dependency of SikuliX log4j is mentioned as a dependency, but
the version is 1.2.17.

Since the vulnerable version is log4j 2.x, it is correct, that SikuliX
neither uses nor depends on the vulnerable log4j.

hence nothing to do with respect to SikuliX.

-------------------------------------------------------------------

High-risk vulnerability in Log4j which is being used in sikulixapi 2.0.5 package.
 
Do we have any solution on this or we are safe to use the Sikuli version 2.0.5 ?

For reference please check the url -
https://www.veracode.com/blog/security-news/urgent-analysis-and-
remediation-guidance-log4j-zero-day-rce-cve-2021-44228

Requesting to provide the solution as soon as possible.

-- 
You received this question notification because your team Sikuli Drivers
is an answer contact for SikuliX.