BridgeDb and log4j

[Egon Willighagen]

Hi everyone,

Like many other Java software, the BridgeDb library also uses Log4j.

Fortunately, the switch to Log4j 2.x only happened in release 3.0.7 of last month. Versions 3.0.8 and 3.0.9 are also affected.

If you use one of these the minor releases, please update to 3.0.10 released on Friday.

Egon

[Egon Willighagen]

Hi all,

a quick follow up.

On Sun, Dec 12, 2021 at 11:27 PM Egon Willighagen <egon.wil...@gmail.com> wrote:

Like many other Java software, the BridgeDb library also uses Log4j.

The BridgeDb webservice has log4j as compile time dependency, but not as a runtime dependency. You can run it without log4j.

 

Fortunately, the switch to Log4j 2.x only happened in release 3.0.7 of last month. Versions 3.0.8 and 3.0.9 are also affected. 

If you use one of these the minor releases, please update to 3.0.10 released on Friday.

Apache Log4j release earlier this week a second, more hardened version of Log4j, 2.16.0. 

I have released BridgeDb 3.0.11 with Log4j 2.16.0. Update is recommended if you use BridgeDb in a server/service setting with log4j.

With kind regards,

Egon 

--

----

BiGCaT received a NWO Open Science grant to support our research into interoperability of biological data and knowledge: https://www.nature.com/articles/d41586-021-03418-1 and https://www.nwo.nl/en/researchprogrammes/open-science/open-science-fund/open-science-fund-2021-awarded-grants

-----

E.L. Willighagen
Department of Bioinformatics - BiGCaT
Maastricht University (http://www.bigcat.unimaas.nl/)

Twitter/Mastodon: @egonwillighagen / @egonw
Homepage: http://egonw.github.io/
Blog: http://chem-bla-ics.blogspot.com/
PubList: https://www.zotero.org/egonw
ORCID: 0000-0001-7542-0286
ImpactStory: https://impactstory.org/u/egonwillighagen