Significant security vulnerability discovered in Log4j

Eric Gallager egall at
Sat Dec 11 18:32:15 UTC 2021

On Fri, Dec 10, 2021 at 6:00 PM Jason Liu <jasonliu at> wrote:
> In case everyone hadn't heard the news. If anyone is running Log4j for logging on any of your web servers, you might want to read this.
> WIRED: 'The Internet Is On Fire'
> A vulnerability in the Log4j logging framework has security teams scrambling to put in a fix.
> --
> Jason Liu

so... is there anything to do about this in MacPorts?

$ port search log4j
jakarta-log4j @1.2.16 (java, devel)
    Java logging API

log4cxx @0.10.0_1 (devel)
    log4cxx is a port to C++ of the log4j project

log4jdbc @1.1 (java)
    JDBC driver that can log SQL and/or JDBC calls

p5-log-dispatch-config @1.40.0 (perl)
    Log::Dispatch::Config - Log4j for Perl

p5-log-log4perl @1.540.0 (perl)
    Log4j implementation for Perl

p5.28-log-dispatch-config @1.40.0 (perl)
    Log::Dispatch::Config - Log4j for Perl

p5.28-log-log4perl @1.540.0 (perl)
    Log4j implementation for Perl

p5.30-log-dispatch-config @1.40.0 (perl)
    Log::Dispatch::Config - Log4j for Perl

p5.30-log-log4perl @1.540.0 (perl)
    Log4j implementation for Perl

p5.32-log-dispatch-config @1.40.0 (perl)
    Log::Dispatch::Config - Log4j for Perl

p5.32-log-log4perl @1.540.0 (perl)
    Log4j implementation for Perl

Found 11 ports.
$ port installed `port -q search log4j`
The following ports are currently installed:
  jakarta-log4j @1.2.16_0 (active)
  log4jdbc @1.1_0 (active)
  p5.28-log-log4perl @1.540.0_0 (active)
  p5.30-log-log4perl @1.540.0_0 (active)
  p5.32-log-log4perl @1.540.0_0 (active)

...I don't think any of these are the same thing, are they?

More information about the macports-dev mailing list