I can only speak for 2.5.0 which flagged log4j-jboss-logmanager-1.2.0.Final.jar which came up on a security scan.  Thanks for the tip on the docker images and the quick response!

 

From: Eric Wittmann <eric.wittmann@redhat.com>
Sent: Thursday, December 16, 2021 10:27 AM
To: Marcel Ouellette <mouellette@insuranceautomationgroup.com>
Cc: apicurio@lists.jboss.org
Subject: Re: [Apicurio] Apicurio Studio Quick Start

 


Thanks Marcel.  I'll have a look at that.  Fortunately our docker images are not (as far as I can tell) affected.  But I forgot to check the Quickstart (which is deployed on Wildfly IIRC).  Do you happen to know what versions of Wildfly are affected?  Only if you happen to know - I can look it up.  :)

 

 

On Thu, Dec 16, 2021 at 9:25 AM Marcel Ouellette <mouellette@insuranceautomationgroup.com> wrote:

I'm sure anyone seeing this is probably well aware, however, it seemed best to send something.  The Apicurio Studio (which is fantastic by the way) quickstart contains the now infamous log4j vulnerability.  I understand maintainers have outside priorities and receive little in return so please know this isn't a complaint, just a friendly notification.  Thank you.



--

Eric Wittmann
Principal Software Engineer - Apicurio - Red Hat
He / Him / His