smartrank / lrmixstudio

LRmix Studio is a free-of-charge, open-source (GPLv3 license) expert system dedicated to the interpretation of forensic DNA profiles, with a particular focus on complex DNA mixtures. LRmix Studio enables measuring the probative value of any (autosomal STR-based) forensic DNA profile. LRmix Studio implements the likelihood ratio model described in Haned et al (FSIG 2012) and Gill & Haned (FSIG 2013). This model explicitly accommodates uncertainty in the DNA profiles arising from the allelic drop-out and drop-in phenomena. The program estimates these quantities from the available data and uses those estimates to generate likelihood ratios. LRmix Studio was designed and developed by Hinda Haned and Jeroen de Jong, and was partly supported by a grant from the Netherlands Genomics Initiative / Netherlands Organization for Scientific Research (NWO) within the framework of the Forensic Genomics Consortium Netherlands.

CVE-2021-44228 in the Apache Log4j Java logging library #3

Open jbgosset opened 2 years ago

jbgosset commented 2 years ago

Hi,

Would it be possible to upgrade the Log4j version to 2.16.0?

hyperjeroen commented 2 years ago

Hi!

Good question! Here's my take on things: since LRMixStudio uses Log4j 1.2.17 and the default configuration does not enable the JMSAppender, neither CVE-2021-44228 nor its 'successor' CVE-2021-45046 is applicable. Given the rapid succession of CVEs for the log4j framework and the noises I get from my IT people, I'm holding off on updating to the log4j 2.x branch until things have quieted down a bit.

So in short: I'd rather not update right now as we're not immediately vulnerable and updating may actually introduce vulnerabilities.

Regards, Jeroen
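The maintainer's reasoning rests on a configuration fact: the JMSAppender is not enabled in the Log4j 1.2 configuration that ships with the application. A reviewer or deployer can verify that fact directly rather than take the default on trust. The following Python script is an added example, not code from the LRmix Studio project or from either commenter. It parses a Log4j 1.x properties-style configuration, lists every defined appender, and reports whether an `org.apache.log4j.net.JMSAppender` is defined and whether it is actually attached to the root logger or a named logger (a defined but unattached appender is never instantiated). The three configuration samples are constructed for the example, and `assess_file` assumes the deployment keeps its configuration in a plain properties file.

```python
"""Check a Log4j 1.x properties configuration for an enabled JMSAppender (added example)."""
import re

JMS_APPENDER_CLASS = "org.apache.log4j.net.JMSAppender"

# Constructed sample: a typical Log4j 1.2 console + rolling-file setup, no JMSAppender.
DEFAULT_CONFIG = """\
log4j.rootLogger=INFO, console, file
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern=%d %-5p %c - %m%n
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=application.log
"""

# Constructed sample: the same setup with a JMSAppender wired into the root logger.
JMS_CONFIG = """\
log4j.rootLogger=INFO, console, jms
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.InitialContextFactoryName=com.example.FakeContextFactory
log4j.appender.jms.ProviderURL=tcp://broker.example.invalid:61616
log4j.appender.jms.TopicBindingName=logTopic
"""

# Constructed sample: a JMSAppender is defined but no logger references it, so it stays inert.
UNATTACHED_CONFIG = """\
log4j.rootLogger=WARN, console
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
"""

# log4j.appender.<name>=<class> (exactly one path segment after "appender")
APPENDER_KEY = re.compile(r"^log4j\.appender\.([^.]+)$")
# root logger and named logger/category entries whose values list appender names
LOGGER_KEY = re.compile(r"^log4j\.(rootLogger|rootCategory|logger\..+|category\..+)$")


def parse_properties(text):
    """Minimal java.util.Properties reader: key=value or key:value, '#'/'!' comments.

    Line continuations and \\uXXXX escapes are not handled; they do not occur in
    the constructed samples above.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def defined_appenders(props):
    """Map appender name -> implementing class for every log4j.appender.<name> entry."""
    return {m.group(1): cls for key, cls in props.items() if (m := APPENDER_KEY.match(key))}


def attached_appenders(props):
    """Appender names referenced by the root logger or any named logger.

    Log4j 1.x values look like 'LEVEL, appenderA, appenderB'; the first token
    is the level, the remaining tokens are appender names.
    """
    names = set()
    for key, value in props.items():
        if LOGGER_KEY.match(key):
            tokens = [t.strip() for t in value.split(",")]
            names.update(t for t in tokens[1:] if t)
    return names


def assess(config_text):
    """Summarise which appenders are configured and whether a JMSAppender is live."""
    props = parse_properties(config_text)
    defined = defined_appenders(props)
    attached = attached_appenders(props)
    jms_defined = sorted(n for n, cls in defined.items() if cls == JMS_APPENDER_CLASS)
    jms_attached = sorted(n for n in jms_defined if n in attached)
    return {
        "appenders": defined,
        "jms_defined": jms_defined,
        "jms_attached": jms_attached,
        "jms_active": bool(jms_attached),
    }


def assess_file(path):
    """Assumed deployment layout: the Log4j 1.x config is a plain properties file on disk."""
    with open(path, encoding="utf-8") as fh:
        return assess(fh.read())


if __name__ == "__main__":
    samples = [("default-style", DEFAULT_CONFIG),
               ("JMSAppender attached", JMS_CONFIG),
               ("JMSAppender defined but unused", UNATTACHED_CONFIG)]
    for label, cfg in samples:
        r = assess(cfg)
        print(f"{label}: appenders={sorted(r['appenders'])} "
              f"jms_defined={r['jms_defined']} jms_active={r['jms_active']}")
```

Run it against the configuration file the application actually loads at runtime rather than the one in the source tree: Log4j 1.x also honours the `log4j.configuration` system property, and a deployment can point it at a different file. The script covers properties-format configuration only; an XML (`log4j.xml`) configuration would need the same appender-class and logger-reference checks expressed over its `<appender class="...">` and `<appender-ref>` elements.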