Significant security vulnerability discovered in Log4j

Joshua Root jmr at macports.org
Sun Dec 12 09:57:14 UTC 2021


On 2021-12-12 20:02, Nils Breunese wrote:
> It could be the case that MacPorts has ports for Java-based applications that include a vulnerable version of the Log4J library. A port that includes a file called log4j-$version.jar with $version in the range 2.0.0-2.14.1 could be vulnerable. This file could also be ‘hidden’ inside a compressed archive, like a .war file (basically a zip file). I’m not sure how we could check all ports for this without installing all of them.

Not all ports have installed file information available, but the web app 
can search the ones that do:

<https://ports.macports.org/search/?installed_file=log4j&q=>

- Josh
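
The check described in the quoted message (a log4j-$version.jar in the 2.0.0-2.14.1 range, possibly nested inside a .war or other zip-format archive) can be run over an archive in memory, without installing or unpacking anything to disk. The Python below is an added example, not part of the original thread and not MacPorts code; the optional `-core` infix in the file name, the list of archive extensions, the depth limit and the sample archive are assumptions made here.

```python
import io
import re
import zipfile

# Name pattern from the thread: log4j-$version.jar ("-core" infix is assumed).
JAR_RE = re.compile(r"(?:^|/)log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?\.jar$")
LOW, HIGH = (2, 0, 0), (2, 14, 1)  # version range quoted in the thread
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")  # assumed zip-format containers


def in_range(name):
    """Return True if name is a log4j jar whose version lies in LOW..HIGH."""
    m = JAR_RE.search(name)
    if not m:
        return False
    version = tuple(int(g or 0) for g in m.groups())  # "2.0" counts as 2.0.0
    return LOW <= version <= HIGH


def scan_archive(data, label, max_depth=4):
    """Return nested paths ('a.war!/WEB-INF/lib/log4j-...jar') of in-range jars."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip-format archive, nothing to look into
    with zf:
        for info in zf.infolist():
            path = f"{label}!/{info.filename}"
            if in_range(info.filename):
                hits.append(path)
            if max_depth > 0 and info.filename.lower().endswith(ARCHIVE_EXTS):
                hits += scan_archive(zf.read(info), path, max_depth - 1)
    return hits


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    jar = make_zip({"META-INF/MANIFEST.MF": b""})  # constructed placeholder jar
    war = make_zip({"WEB-INF/lib/log4j-core-2.14.1.jar": jar})
    print(scan_archive(make_zip({"share/app.war": war}), "port.zip"))
```

This matches on file names only, so a copy of the library that was renamed or repackaged into another jar is not reported.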

