Log4j Security Vulnerability #100

Open · manuelschwarze opened this issue Dec 14, 2021 · 1 comment
Comments

@manuelschwarze (Contributor)

The RDKit nodes plugin makes use of the OPSIN library, which has a dependency on log4j 2.14.1 in our current RDKit nodes version. It is somewhat hidden, because we built the OPSIN library into a single JAR file that bundles all dependencies. I raised an issue in the OPSIN project yesterday, and Dan fixed it immediately by updating to log4j 2.15.1. We should get that update into the RDKit nodes ASAP for the nightly build, and should also consider releasing it to KNIME 4.3, 4.4 and 4.5. @greglandrum, I will require your code review and approval.
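The situation described above (a vulnerable log4j-core that no dependency listing shows because it sits inside a shaded, all-in-one JAR) is exactly what a dependency manifest misses and a content scan catches. The following is an added example, not code from the RDKit nodes or OPSIN projects: it opens an archive, recurses into every JAR it bundles, and reports each log4j-core copy by the Maven `pom.properties` it carries and by the presence of `JndiLookup.class`. The fixture archive, the `lib/opsin-all.jar` and `lib/logging.jar` entries and the `com/example/App.class` entry are constructed for the demonstration; the 2.15.0 cutoff is the fix version for CVE-2021-44228 only (the follow-on advisories CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 raised the recommended floor to 2.17.1).

```python
"""Locate log4j-core copies hidden inside fat/shaded JARs (added example, not project code)."""
import io
import re
import sys
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Marker entries that survive shading as long as the shade plugin did not relocate packages.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J_POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# CVE-2021-44228 (JNDI lookup during message formatting) is fixed from 2.15.0 onward.
FIXED_44228 = (2, 15, 0)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # guard against archive bombs nesting forever


@dataclass
class Finding:
    path: str                            # e.g. "plugin.zip!lib/opsin-all.jar"
    version: Optional[Tuple[int, ...]]   # None when no log4j-core pom.properties was bundled
    has_jndi_lookup: bool
    vulnerable: bool                     # to CVE-2021-44228 under the heuristic below


def parse_version(pom_properties: str) -> Optional[Tuple[int, ...]]:
    """Turn 'version=2.14.1' from a pom.properties file into (2, 14, 1)."""
    m = re.search(r"^version=([\d.]+)", pom_properties, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None


def scan_archive(data: bytes, path: str, depth: int = 0) -> List[Finding]:
    """Report every log4j-core copy in an archive and in the archives it bundles."""
    findings: List[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container; nothing to inspect
    with zf:
        names = set(zf.namelist())
        version = None
        if LOG4J_POM_PROPS in names:
            version = parse_version(zf.read(LOG4J_POM_PROPS).decode("utf-8", "replace"))
        has_jndi = JNDI_LOOKUP in names
        if version is not None or has_jndi:
            # Unknown version plus the lookup class present is treated as vulnerable
            # so it surfaces for manual review rather than silently passing.
            vulnerable = has_jndi and (version is None or version < FIXED_44228)
            findings.append(Finding(path, version, has_jndi, vulnerable))
        if depth < MAX_DEPTH:
            for name in zf.namelist():
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    findings.extend(scan_archive(zf.read(name), f"{path}!{name}", depth + 1))
    return findings


def _jar(entries: dict) -> bytes:
    """Build an in-memory zip/JAR from {entry_name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_plugin_archive() -> bytes:
    """Constructed fixture: a plugin zip bundling one shaded JAR on log4j 2.14.1 and one on 2.17.1."""
    stale = _jar({
        "com/example/App.class": b"\xca\xfe\xba\xbe",  # placeholder class bytes
        JNDI_LOOKUP: b"\xca\xfe\xba\xbe",
        LOG4J_POM_PROPS: "version=2.14.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
    })
    patched = _jar({
        JNDI_LOOKUP: b"\xca\xfe\xba\xbe",  # the class still ships in 2.17.x; the version decides
        LOG4J_POM_PROPS: "version=2.17.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
    })
    return _jar({"lib/opsin-all.jar": stale, "lib/logging.jar": patched, "plugin.xml": "<plugin/>"})


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        results = [f for p in targets for f in scan_archive(open(p, "rb").read(), p)]
    else:
        results = scan_archive(build_sample_plugin_archive(), "plugin.zip")
    for f in results:
        print("VULNERABLE" if f.vulnerable else "ok        ", f.path, f.version)
```

Run it with one or more `.jar`/`.zip` paths, or with no arguments to scan the constructed fixture. The check is deliberately two-pronged: `pom.properties` gives the version but is easy to strip from a shaded JAR, while `JndiLookup.class` is the actual trigger for CVE-2021-44228 and is still present in patched releases, so neither signal alone is enough. If a build relocates packages during shading, both marker paths change and this scanner will miss the copy; in that case grep the class files for the `JndiLookup` string instead.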

@greglandrum (Member)

No worries. I will review the PR once it comes in.
I would like to update the RDKit binaries before we do a release; PR for that coming this week

manuelschwarze added a commit that referenced this issue Dec 14, 2021
OPSIN has addressed a security vulnerability (CVE-2021-44228) documented
in issue dan2097/opsin#174. To package this
for the RDKit nodes we now use an OPSIN 3.0 (beta) build from master commit
6aca244.
This naturally also includes the improvements between 2.5 and 3.0
(committed up to Dec 11, 2021).

Bumped version from 4.4.0 to 4.4.1.
greglandrum pushed a commit that referenced this issue Dec 15, 2021
…#101)

* Bugfix to address log4j security vulnerability - version 4.4.1 (#100)

* Fixed pom.xml version to 4.4.1 (must be in sync with plugin versions)
manuelschwarze added a commit that referenced this issue Dec 6, 2022
Merge in KNIM/knime-rdkit from bugfix/100-log4j_security_fix_in_opsin to master_nibr

* commit '7dea16ecb506c8e2f5895296e674a0f392f5a51e':
  Fixed pom.xml version to 4.4.1 (must be in sync with plugin versions)
  Bugfix to address log4j security vulnerability - version 4.4.1 (#100)
  forgotten version bump in pom.xml
  Add RDKit2SVG node (#99)
greglandrum added a commit that referenced this issue Dec 20, 2022
* Added thread synchronization to avoid NullPointerException race condition.

Fixed line endings for Linux and encoding to UTF-8.

* update rdkit to 2020.09.1

* update test zip

* remove freetype dependency from the mac binary

* Bugfix to address log4j security vulnerability - version 4.4.1 (#100)

* Fixed pom.xml version to 4.4.1 (must be in sync with plugin versions)

* NXSWE-7 JRebel, IDEA config files added to .gitignore

* KNIME-1496: Introduce normalization of scaling while rendering

* KNIME-1478: Align missing cell rendering (red ? like rest of KNIME)

* KNIME-1496: Bugfix for normalization failure when no conformers found

* KNIME-1496: Introduce preference to control normalization when rendering

Co-authored-by: greg landrum <greg.landrum@gmail.com>
Co-authored-by: Roman Balabanov <roman-1.balabanov_ext@novartis.com>