Hello Andrew
OpenRefine 3.5.0 ships with Log4j 1.2.16, which is not affected
by this vulnerability as far as I know. If your organization has
more details to share about why they consider OpenRefine
vulnerable to this, I would be interested to know more about that.
Best wishes,
Antonin
Hello, my organization is taking my computer off the domain because of a log4j vulnerability that is tied to this application. what can I do to update log4j to continue to use this product? Thank you for your time. --
You received this message because you are subscribed to the Google Groups "OpenRefine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrefine+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine/863b1f4c-6121-4ca9-8410-56bca8571162n%40googlegroups.com.
From our organization:
"A critical vulnerability affecting Log4j 2, versions through 2.14.1, has been identified (CVE-2021-44228) and is being actively exploited in the wild. The vulnerability allows for unauthenticated remote code execution."
Hi Andrew,
We are likely to stay with Log4j 1.x but upgrading to the latest version in 1.x sounds doable, perhaps in the coming days.
Best wishes,
Antonin
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine/c7743624-576c-4caa-8976-8edf40fa58c5n%40googlegroups.com.
Hmm, actually, Apache Spark uses the same log4j version and they have no plans to upgrade soon, so I will wait and see.
Antonin
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine/a9180adf-501f-7060-460b-e2e8cce36b01%40antonin.delpeuch.eu.
Thanks for letting us know. I will have another look and see what I can do.
Antonin
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine/41204143-5ff6-49ec-a9d6-dedbeadc31d1n%40googlegroups.com.
A new version 3.5.1 with updated log4j should be out in a few
days.
Antonin
To view this discussion on the web visit https://groups.google.com/d/msgid/openrefine/88adfe8c-2c4b-74ce-787e-80f92c51b439%40antonin.delpeuch.eu.