Dear Open Foris Team,

as far as I have seen, Open Foris Collect uses the Java library log4j. At the end of 2021, a serious security vulnerability was discovered in the Java library log4j. Has this security vulnerability been closed in the current version 4.0.89 for Windows or does this problem still exist?

With kind regards

asked 14 Mar, 08:42

NLPA's gravatar image

accept rate: 0%

Dear user,
There were vulnerabilities in versions of log4j previous to 2.17.0 (18/12/2021) but they were fixed alredy in version 2.17.1 and Collect 4.0.89 uses version 2.20.0 (not the latest one, but it's from 21/02/2023), so it's not affected by this problem.
Many thanks for having raised this question and put an alert on that, it's always good to have a double check on these kind of issues.
Many thanks,
Open Foris Team

permanent link

answered 14 Mar, 10:19

Stefano%20%28OF%29's gravatar image

Stefano (OF) ♦♦
accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 14 Mar, 08:42

question was seen: 749 times

last updated: 14 Mar, 10:19