Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Eclipse and log4j2 vulnerability (CVE-2021-44228)"
(Add Eclipse JKube to the list) |
|||
| Line 59: | Line 59: | ||
| | | | ||
|- | |- | ||
| − | | | + | |Eclipse JKube |
|*.*.* | |*.*.* | ||
|Not Vulnerable | |Not Vulnerable | ||
| − | | | + | |Eclipse JKube does not use log4j |
|- | |- | ||
| − | |Eclipse | + | |Eclipse Modeling Framework (EMF) |
|*.*.* | |*.*.* | ||
|Not Vulnerable | |Not Vulnerable | ||
| − | | | + | | Uses log4j 1.x, but only in Xcore tools bundles, not in any runtime bundles deployed in applications. |
|- | |- | ||
| + | |XML Schema Definition (XSD) | ||
| + | |*.*.* | ||
| + | |Not Vulnerable | ||
| + | | Does not use log4j. | ||
| + | |- | ||
| + | |JustJ | ||
| + | |*.*.* | ||
| + | |Not Vulnerable | ||
| + | | Does not use log4j and log4j is not included in the JRE themselves. | ||
| + | |- | ||
| + | |Oomph | ||
| + | |*.*.* | ||
| + | |Not Vulnerable | ||
| + | | Does not use log4j. | ||
|} | |} | ||
Revision as of 01:10, 14 December 2021
| Project | Version | Status | Comment |
|---|---|---|---|
| Eclipse SDK | *.*.* | Not Vulnerable | Eclipse SDK does not use log4j |
| JGit | 1.0-5.13.0,6.0.0 | Not Vulnerable | org.eclipse.jgit.pgm uses log4j 1.2.15 |
| EGit | 1.0-5.13.0,6.0.0 | Not Vulnerable | EGit does not use log4j |
| Jetty | *.*.* | Not Vulnerable | Blog: Jetty & Log4j2 exploit CVE-2021-44228 |
| StatET | *.*.* | Not Vulnerable | |
| Web Tools Platform | *.*.* | Not Vulnerable | log4j 1.2.15 is used in an unused dependency in a single test plug-in |
| Scout Runtime | 10.x - 22.x | Not Vulnerable | |
| Eclipse Hawk | *.*.* | Not Vulnerable | |
| Eclipse Theia | *.*.* | Not Vulnerable | |
| Eclipse Dash | *.*.* | Not Vulnerable | |
| Linux Tools | *.*.* | Not Vulnerable | |
| Eclipse JKube | *.*.* | Not Vulnerable | Eclipse JKube does not use log4j |
| Eclipse Modeling Framework (EMF) | *.*.* | Not Vulnerable | Uses log4j 1.x, but only in Xcore tools bundles, not in any runtime bundles deployed in applications. |
| XML Schema Definition (XSD) | *.*.* | Not Vulnerable | Does not use log4j. |
| JustJ | *.*.* | Not Vulnerable | Does not use log4j and log4j is not included in the JRE themselves. |
| Oomph | *.*.* | Not Vulnerable | Does not use log4j. |