Open Foris Collect and log4j

Dear Open Foris Team,

as far as I have seen, Open Foris Collect uses the Java library log4j. At the end of 2021, a serious security vulnerability was discovered in the Java library log4j. Has this security vulnerability been closed in the current version 4.0.89 for Windows or does this problem still exist?

With kind regards

collect

asked 14 Mar, 08:42

NLPA
11●2
accept rate: 0%

One Answer:

active answers oldest answers newest answers popular answers

Dear user,
There were vulnerabilities in versions of log4j previous to 2.17.0 (18/12/2021) but they were fixed alredy in version 2.17.1 and Collect 4.0.89 uses version 2.20.0 (not the latest one, but it's from 21/02/2023), so it's not affected by this problem.
Many thanks for having raised this question and put an alert on that, it's always good to have a double check on these kind of issues.
Many thanks,
Open Foris Team

permanent link

answered 14 Mar, 10:19

Stefano (OF) ♦♦
4.8k●1●1●9
accept rate: 19%

Your answer

toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

collect ×494

question asked: 14 Mar, 08:42

question was seen: 1,153 times

last updated: 14 Mar, 10:19

Open Foris Collect and log4j

Follow this question

Related questions