sikuli-driver team mailing list archive

Thread
Date

Re: [Question #699854]: What about log4j 2.x vulnerability --- not used in SikuliX

To: sikuli-driver@xxxxxxxxxxxxxxxxxxx
From: RaiMan <question699854@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Dec 2021 12:35:41 -0000
Reply-to: question699854@xxxxxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Question #699854 on SikuliX changed:
https://answers.launchpad.net/sikuli/+question/699854

Summary changed to:
What about log4j 2.x vulnerability --- not used in SikuliX

Description changed to:
--------------- info
In some dependency of SikuliX log4j is mentioned as a dependency, but the version is 1.2.17.
Since the vulnerable version is log4j 2.x, it is correct, that SikuliX neither uses nor depends on the vulnerable log4j.
hence nothing to do with SikuliX.
----------------------------------------

Hi,
Does sikulix is exposed to the log4j vulnerability?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
If yes, what do you recommend?
Regards,
Marc

-- 
You received this question notification because your team Sikuli Drivers
is an answer contact for SikuliX.