Java Vulnerability
Minion Team,
It looks like Minion is using log4j 2.6.2. This is currently a version of the log4j exploit activly being used. It is currently ranks a 10 out of 10 in severity. I am just checking to see if you are aware of this, and/or have any plans to address/fix this. Oracle has issued a fixed version of the library. |
Moved to Minion forum.
sirinsidiator did a test and it does not seem to be vulnerable according to the exploit test info provided here https://www.lunasec.io/docs/blog/log4j-zero-day/ |
Log4j
There is a new version of Log4j available since December 27th, and it supposedly fixes the possible exploit in 2.17.0. Do you have any plans to update to that version?
The security software I use, flags version 2.17.0 as compromised. https://logging.apache.org/log4j/2.x/security.html |
Does anyone know if Minion uses Java Spring?
A set of high-profile vulnerabilities have been identified affecting the popular Java Spring Framework and related software components - generally being referred to as Spring4Shell. |
Nope, but you can see the dependencies yourself if you press the (i) icon in the upper right of Minion
Quote:
|
Quote:
|
All times are GMT -6. The time now is 11:08 PM. |
vBulletin © 2024, Jelsoft Enterprises Ltd
© 2014 - 2022 MMOUI