Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there any impact of log4j vulnerability on the Opentest as there is an indirect dependency of log4j library in our Opentest-actor? #534

Closed
Naveenkumarnnk opened this issue Dec 23, 2021 · 2 comments
Closed

Is there any impact of log4j vulnerability on the Opentest as there is an indirect dependency of log4j library in our Opentest-actor? #534

Naveenkumarnnk opened this issue Dec 23, 2021 · 2 comments
Labels
stale

Comments

@Naveenkumarnnk
Copy link

Hi @adrianth/Team,

These days we are listening to a lot on the log4j vulnerability issue. And most of the applications are upgrading the log4j libraries to the latest version.

So, Is there any impact on the Opentest? If Yes, then what can we do to resolve it and when can we expect the resolution?

Thank you.
@adrianth
Copy link
Contributor

No, OpenTest is not impacted by the Log4j vulnerability, as it includes log4j-1.2.17.jar, whereas the JNDI lookup vulnerability was introduced in version 2.X. Also, Log4j is not used by OpenTest and it is only included as part of the dependency chain.

@stale
Copy link

stale bot commented Apr 28, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Apr 28, 2022
@stale stale bot closed this as completed Jun 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adrianth @Naveenkumarnnk