EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024 
<== Date ==> <== Thread ==>
Subject: Re: Log4Shell approaches
From: Matt Clarke via Tech-talk <tech-talk at aps.anl.gov>
To: "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Date: Tue, 14 Dec 2021 06:42:16 +0000

Hi.

 

As far as I understand, the security issue has been fixed so updating should be sufficient.

 

From the Logback page: “Fortunately, logback is unrelated to log4j 2.x and does not share its vulnerabilities.”

If I was cynical I might read that as “it probably has its own unique vulnerabilities which haven’t been found yet” ;)

 

Ultimately, like a lot of OSS, both projects seem to be maintained by a handful of core developers.

 

Cheers,

 

Matt

 

 

From: Tech-talk <tech-talk-bounces at aps.anl.gov> on behalf of "Shankar, Murali via Tech-talk" <tech-talk at aps.anl.gov>
Reply-To: "Shankar, Murali" <mshankar at slac.stanford.edu>
Date: Monday, 13 December 2021 at 18:58
To: "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Subject: Log4Shell approaches

 

We were wondering if others had any recommendations on this. That is, should we continue using/migrating to log4j2 ( and hope the security issues are fixed ) or should we consider alternatives like logback etc. Any thoughts are appreciated.

 

Regards,

Murali

 

Replies:
Re: Log4Shell approaches Jörn Dreyer via Tech-talk
RE: Log4Shell approaches Carriveau, Anthony via Tech-talk
References:
Log4Shell approaches Shankar, Murali via Tech-talk
Navigate by Date:
Prev: Re: Can single soft-IOC control multiple OMS SPI-MAXnet controllers? Mrinal Bera via Tech-talk
Next: Re: Log4Shell approaches Jörn Dreyer via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024 
Navigate by Thread:
Prev: Log4Shell approaches Shankar, Murali via Tech-talk
Next: Re: Log4Shell approaches Jörn Dreyer via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024 
ANJ, 14 Dec 2021 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·