Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

log4j2 #298

Open
Kabenla opened this issue Dec 20, 2021 · 1 comment
Open

log4j2 #298

Kabenla opened this issue Dec 20, 2021 · 1 comment

Comments

@Kabenla
Copy link

Kabenla commented Dec 20, 2021

Is Scigraph affected by the log4j2 vulnerability (https://logging.apache.org/log4j/2.x/).

If so, is there an update in the works or are there any instructions on how to update the logging framework to 2.17.0?

Thank you

Kabs
@tgbugs
Copy link
Collaborator

tgbugs commented Dec 20, 2021

I think that SciGraph services are not affected because they use log4j 1.2. OWLAPI may be affected and thus the graphloading routines could be affected, but that code is not part of software that accepts arbitrary user input. A malformed ontology file could in principle trigger the issue in OWLAPI.

All this said, I have not tested using a payload to see whether there is actually an issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tgbugs @Kabenla