Significant security vulnerability discovered in Log4j

Jason Liu jasonliu at umich.edu
Sat Dec 11 19:26:12 UTC 2021 

On Sat, Dec 11, 2021 at 1:32 PM Eric Gallager <egall at gwmail.gwu.edu> wrote:

>
> so... is there anything to do about this in MacPorts?
>

There's probably nothing that can be done in terms of the MacPorts
packages. It's basically dependent on upstream developers to patch anything
that might be affected. It was more of a general warning to anyone on the
mailing list that might be running a web server.

...I don't think any of these are the same thing, are they?
>

Based on my googling, jakarta-log4j is some sort of wrapper that allows
Jakarta to use log4j, so it's quite possible that the jakarta-log4j package
is affected. Depending on how closely the C++ port follows the original
Java in the log4cxx package, it might also be affected; the same applies to
the log4perl packages.

-- 
Jason Liu


On Sat, Dec 11, 2021 at 1:32 PM Eric Gallager <egall at gwmail.gwu.edu> wrote:

> On Fri, Dec 10, 2021 at 6:00 PM Jason Liu <jasonliu at umich.edu> wrote:
> >
> > In case everyone hadn't heard the news. If anyone is running Log4j for
> logging on any of your web servers, you might want to read this.
> >
> > WIRED: 'The Internet Is On Fire'
> > A vulnerability in the Log4j logging framework has security teams
> scrambling to put in a fix.
> >
> > --
> > Jason Liu
>
> so... is there anything to do about this in MacPorts?
>
> $ port search log4j
> jakarta-log4j @1.2.16 (java, devel)
>     Java logging API
>
> log4cxx @0.10.0_1 (devel)
>     log4cxx is a port to C++ of the log4j project
>
> log4jdbc @1.1 (java)
>     JDBC driver that can log SQL and/or JDBC calls
>
> p5-log-dispatch-config @1.40.0 (perl)
>     Log::Dispatch::Config - Log4j for Perl
>
> p5-log-log4perl @1.540.0 (perl)
>     Log4j implementation for Perl
>
> p5.28-log-dispatch-config @1.40.0 (perl)
>     Log::Dispatch::Config - Log4j for Perl
>
> p5.28-log-log4perl @1.540.0 (perl)
>     Log4j implementation for Perl
>
> p5.30-log-dispatch-config @1.40.0 (perl)
>     Log::Dispatch::Config - Log4j for Perl
>
> p5.30-log-log4perl @1.540.0 (perl)
>     Log4j implementation for Perl
>
> p5.32-log-dispatch-config @1.40.0 (perl)
>     Log::Dispatch::Config - Log4j for Perl
>
> p5.32-log-log4perl @1.540.0 (perl)
>     Log4j implementation for Perl
>
> Found 11 ports.
> $ port installed `port -q search log4j`
> The following ports are currently installed:
>   jakarta-log4j @1.2.16_0 (active)
>   log4jdbc @1.1_0 (active)
>   p5.28-log-log4perl @1.540.0_0 (active)
>   p5.30-log-log4perl @1.540.0_0 (active)
>   p5.32-log-log4perl @1.540.0_0 (active)
> $
>
> ...I don't think any of these are the same thing, are they?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20211211/a00c3dc0/attachment.htm>

More information about the macports-dev mailing list