log4shell vulnerability

40 views

Skip to first unread message

riou...@gmail.com

unread,

Dec 14, 2021, 9:44:42 AM12/14/21

to onebusaway-developers

Hello all,

Following the recent discovery of the log4shell exploit, I have been looking at our in-house OBA instances we use for testing as well as a couple of our own applications that make use of your org.onebusaway.gtfs module. I found that they do depend on the log4j library and therefore could be vulnerable.

Are there any way to update the log4j version used to version 2.15.0 containing the patch?

Sean Barbeau

unread,

Dec 14, 2021, 2:01:10 PM12/14/21

to onebusaway-developers

Hi,

See https://github.com/OneBusAway/onebusaway-application-modules/issues/300 for discussion of this topic.

Sean

riou...@gmail.com

unread,

Dec 14, 2021, 2:46:43 PM12/14/21

to onebusaway-developers

Thank you for your quick reply

Reply all

Reply to author

Forward

0 new messages