Log4j vuln with two packages

REMnux / salt-states

This repository maintains the SaltStack state files for the REMnux distro.

https://REMnux.org

39 stars 21 forks source link

Log4j vuln with two packages #281

Closed 4NSIK1 closed 1 month ago

4NSIK1 commented 7 months ago

Two of the packages both include older version of log4j-core and are susceptible to CVE-2021-44228 (Log4Shell).

android-project-creator.sls
portex.sls

Could these be removed or patched?

digitalsleuth commented 6 months ago

More than likely they can be updated. Android Project Creator version 1.5.2 addresses this vulnerability, as does 3.0.3 of Portex. Let us take a look at the latest versions and see how we can go about getting them updated.

Cheers!

lennyzeltser commented 1 month ago

We now have the updated version of Portex on REMnux.

lennyzeltser commented 1 month ago

We now have the updated version of Android Project Creator on REMnux.