Comments (3)
herve91
commented on September 26, 2024
Hi,
My plugins effectively do use Log4J to generate their log files.
Nevertheless, the vulnerability concerns Log4J release 2 but I am using Log4J release 1.
So I confirm that none of my plugins are concerned by the vulnerability.
Best regards
from snow-import-plugin.
bepe1965
commented on September 26, 2024
Hi Herve91
thanks you for your quick reply.
I asked one of our security experts - and he came back with the following answer:
I can see that log4j-1.2.17.jar is being used - and this is vulnarable (See the link below)
https://www.cvedetails.com/cve/CVE-2019-17571/
He adviced against using this version.
Do you have any plans to update to the latest version - or perhaps advice on if the above version is safe to use in this context.
Thanks in advance.
from snow-import-plugin.
herve91
commented on September 26, 2024
You might have been clearer in your first post ;)
I was refering to the exploit that has been released last December (https://www.cvedetails.com/cve/CVE-2021-44228) that does not concern Log4J release 1.
This said, I'm using an old version of Log4J but that has got few advantages: it is simple to configure and to use and I unfortunately do not have time to replace it soon.
But as my plugins are open sources, please do not hesitate to contribute. You may do it yourself or ask your dev team to do it ;)
Best regards
from snow-import-plugin.
Related Issues (16)
- INI Configuration HOT 13
- Feature request: support ServiceNow plugin in ACLI HOT 1
- Specifying a filter is being added as a separate sysparm_query and is ignored by SN
- latest version SNOW plugin HOT 1
- Plugin not working with Archi 4.8.1 HOT 2
- Is it possible to add an explicit license? HOT 3
- Plugin not working with 2FA authent HOT 2
- Relationships HOT 16
- pass objects from service now to Archi HOT 5
- Plugin is not working with Archi4.5 HOT 2
- Add filter on URL of import of relationships - useful for large sets HOT 4
- When Java exception is thrown due to JSON parse log the raw JSON for the culprit CI HOT 2
- Fetching and parsing SN relationships per type instead of all in a single request HOT 1
- NumberFormatException when applying valid filter &sysparm_display_value=true on CI mapping HOT 2
- Exception encountered due to whitespace in link value to be dereferenced HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from snow-import-plugin.