log4j

[wpwen...@gmail.com]

With all the frenzied buzz right now over the latest zero day exploit (https://www.lunasec.io/docs/blog/log4j-zero-day/), can anyone confirm the ISLE stack is free from log4j vulnerabilities, and if not, is a patched build coming down the pipe?

Thanks!

Paul

[ga...@born-digital.com]

Hello,

As the maintainer of the ISLE 7 stack, I can confirm that we've patched the recent ISLE 1.5.13 isle-fedora image such that it is free of log4j vulnerabilities. 

Re the ISLE 8 stack, I'd recommend that you follow along here https://github.com/Islandora-Devops/isle-buildkit/issues/168 for the most recent updates on patching. 

Thanks, 

Gavin