Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Eclipse and log4j2 vulnerability (CVE-2021-44228)"
(Hawk not vulnerable (we only use log4j-api-jar-2.0.jar, not log4-core-*.jar as mentioned in the CVE)) |
|||
| Line 3: | Line 3: | ||
!Version | !Version | ||
!Status | !Status | ||
| + | !Comment | ||
|- | |- | ||
|Eclipse SDK | |Eclipse SDK | ||
|2021-12 | |2021-12 | ||
|Not Vulnerable | |Not Vulnerable | ||
| + | | | ||
|- | |- | ||
| − | | | + | |JGit |
| − | | | + | |1.0-5.13.0,6.0.0 |
| + | |Not Vulnerable | ||
| + | |org.eclipse.jgit.pgm uses log4j 1.2.15 | ||
| + | |- | ||
| + | |EGit | ||
| + | |1.0-5.13.0,6.0.0 | ||
|Not Vulnerable | |Not Vulnerable | ||
| + | |EGit does not use log4j | ||
|- | |- | ||
|Jetty | |Jetty | ||
|x.y.z | |x.y.z | ||
|Status | |Status | ||
| + | | | ||
|- | |- | ||
|StatET | |StatET | ||
|*.*.* | |*.*.* | ||
|Not Vulnerable | |Not Vulnerable | ||
| + | | | ||
|- | |- | ||
|Web Tools Platform | |Web Tools Platform | ||
|3.24 (2021-12) | |3.24 (2021-12) | ||
|Not Vulnerable | |Not Vulnerable | ||
| + | | | ||
|- | |- | ||
|Scout Runtime | |Scout Runtime | ||
|10.x - 22.x | |10.x - 22.x | ||
|Not Vulnerable | |Not Vulnerable | ||
| + | | | ||
|- | |- | ||
|Eclipse Hawk | |Eclipse Hawk | ||
|*.*.* | |*.*.* | ||
|Not Vulnerable | |Not Vulnerable | ||
| + | | | ||
|} | |} | ||
Revision as of 18:29, 13 December 2021
| Project | Version | Status | Comment |
|---|---|---|---|
| Eclipse SDK | 2021-12 | Not Vulnerable | |
| JGit | 1.0-5.13.0,6.0.0 | Not Vulnerable | org.eclipse.jgit.pgm uses log4j 1.2.15 |
| EGit | 1.0-5.13.0,6.0.0 | Not Vulnerable | EGit does not use log4j |
| Jetty | x.y.z | Status | |
| StatET | *.*.* | Not Vulnerable | |
| Web Tools Platform | 3.24 (2021-12) | Not Vulnerable | |
| Scout Runtime | 10.x - 22.x | Not Vulnerable | |
| Eclipse Hawk | *.*.* | Not Vulnerable |