Replies: 2 comments 1 reply
-
|
I'm not sure the intent of the discussion is clear. |
Beta Was this translation helpful? Give feedback.
-
|
Well, the latest update of Log4J is now 2.17.0. |
Beta Was this translation helpful? Give feedback.
-
|
I also don't get the point of this thread. Replace the bad jars with the good ones and wait for a release. If you were actually following this issue in regards to Ghidra you would have seen that guidance in the pinned issue and saw they were tracking it and the follow on CVEs there. |
Beta Was this translation helpful? Give feedback.
-
Well, currently the strike of the Log4J java lib security issue makes it necessary to be used now at least with version 2.16.0 and upwards as the latest known implication of a currently need to be defined lower limit of version.
In general we know about the critical issue of defining the line-up of necessary last versions of each element building in a whole collection called the recent valid configuration of a software system.
It is also the important issue with the NSA ghidra package as a matter of trust and consequent communications.
Beta Was this translation helpful? Give feedback.
All reactions