EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Search Tech-talk
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024  2025  2026  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024  2025  2026 
<== Date ==> <== Thread ==>
Subject: Re: Log4Shell approaches
From: Matt Clarke via Tech-talk <[email protected]>
To: "[email protected]" <[email protected]>
Date: Tue, 14 Dec 2021 06:42:16 +0000

Hi.

 

As far as I understand, the security issue has been fixed so updating should be sufficient.

 

From the Logback page: “Fortunately, logback is unrelated to log4j 2.x and does not share its vulnerabilities.”

If I was cynical I might read that as “it probably has its own unique vulnerabilities which haven’t been found yet” ;)

 

Ultimately, like a lot of OSS, both projects seem to be maintained by a handful of core developers.

 

Cheers,

 

Matt

 

 

From: Tech-talk <[email protected]> on behalf of "Shankar, Murali via Tech-talk" <[email protected]>
Reply-To: "Shankar, Murali" <[email protected]>
Date: Monday, 13 December 2021 at 18:58
To: "[email protected]" <[email protected]>
Subject: Log4Shell approaches

 

We were wondering if others had any recommendations on this. That is, should we continue using/migrating to log4j2 ( and hope the security issues are fixed ) or should we consider alternatives like logback etc. Any thoughts are appreciated.

 

Regards,

Murali

 

Replies:
Re: Log4Shell approaches Jörn Dreyer via Tech-talk
RE: Log4Shell approaches Carriveau, Anthony via Tech-talk
References:
Log4Shell approaches Shankar, Murali via Tech-talk
Navigate by Date:
Prev: Re: Can single soft-IOC control multiple OMS SPI-MAXnet controllers? Mrinal Bera via Tech-talk
Next: Re: Log4Shell approaches Jörn Dreyer via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024  2025  2026 
Navigate by Thread:
Prev: Log4Shell approaches Shankar, Murali via Tech-talk
Next: Re: Log4Shell approaches Jörn Dreyer via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024  2025  2026 
ANJ, 19 Mar 2026 · Home · News · About · Talk · Base · Modules · Extensions ·
· Distributions · Download · Documents · Links · Licensing ·