···
|
Carlos Figueiredo
Technical Manager / Senior System Analyst
Defence & Security Systems
carlos.figueiredo@…1177…
|
Tel: +351.212945900
Mobile: +351. 937 673 523
Fax: +351.212945999
|
Rua Calvet Magalhães, 245
2770-153 Paço de Arcos · Portugal
www.edisoft.pt
|
|
……………………………………………………………………………
A informação contida neste e-mail e quaisquer documentos anexos são propriedade da EDISOFT e poderão ser confidenciais. Se não for o destinatário pretendido, por favor, comunique-nos de imediato, enviando-nos esta mensagem de volta e destruindo-a em seguida. Fica desde já advertido de que é estritamente proibida qualquer revisão, divulgação, distribuição, cópia ou qualquer outra utilização deste e-mail.
The information contained in this e-mail and any attachments are the property of EDISOFT and may be confidential. If you are not the intended recipient, please notify us immediately, send this message back to us and destroy it. You are hereby notified that any review, dissemination, distribution, copying or otherwise use of this e-mail is strictly prohibited
From: FIGUEIREDO Carlos
Sent: 5 de janeiro de 2022 11:22
To: ‘Jose Garcia’ <jose.garcia@…437…>
Cc: geonetwork-devel@lists.sourceforge.net; TILSNER Dirk <dirk.tilsner@…1177…>
Subject: RE: [GeoNetwork-devel] Log4j Vulnerability
Hi José,
Just another information: it seems that the geonetwork 3.10.10 war package still includes in the JMSAppender.class ,the log4j-1.2.17.jar.
It is expected to release another 3.10.x version with this removed (version 1 of Log4J as it seems redundant ?) and eventually also upgrade with log4j 2.17.x ?
Many thanks for your attention ad help on this subject.
BR,
|
Carlos Figueiredo
Technical Manager / Senior System Analyst
Defence & Security Systems
carlos.figueiredo@…1177…
|
Tel: +351.212945900
Mobile: +351. 937 673 523
Fax: +351.212945999
|
Rua Calvet Magalhães, 245
2770-153 Paço de Arcos · Portugal
www.edisoft.pt
|
|
……………………………………………………………………………
A informação contida neste e-mail e quaisquer documentos anexos são propriedade da EDISOFT e poderão ser confidenciais. Se não for o destinatário pretendido, por favor, comunique-nos de imediato, enviando-nos esta mensagem de volta e destruindo-a em seguida. Fica desde já advertido de que é estritamente proibida qualquer revisão, divulgação, distribuição, cópia ou qualquer outra utilização deste e-mail.
The information contained in this e-mail and any attachments are the property of EDISOFT and may be confidential. If you are not the intended recipient, please notify us immediately, send this message back to us and destroy it. You are hereby notified that any review, dissemination, distribution, copying or otherwise use of this e-mail is strictly prohibited
From: Jose Garcia <jose.garcia@…437…>
Sent: 3 de janeiro de 2022 11:36
To: FIGUEIREDO Carlos <carlos.figueiredo@…1177…>
Cc: geonetwork-devel@lists.sourceforge.net; TILSNER Dirk <dirk.tilsner@…1177…>
Subject: Re: [GeoNetwork-devel] Log4j Vulnerability
Hi Carlos
Please check:
Both versions have the log4j2 version 2.15.0. The source code is updated to 2.17.0, but for now there are no official releases including that version.
Regards,
Jose García
On Mon, Jan 3, 2022 at 12:17 PM FIGUEIREDO Carlos via GeoNetwork-devel <geonetwork-devel@lists.sourceforge.net> wrote:
Dear GeoNetwork community,
Can you please advice on which update of GeoNetwork 3.10.x is including the fix for the Log4J security breach ?
I’m (and Edisoft company) are part of the EU project Odyssea that uses currently Geonetwork v3.10.3 and we need to update in order to correct the security issues reported with Log4J.
The project has currently the Geonwetork server down and waiting for a +possible souluction.~
~
Can you please be so kind to inform me of the above ?
Many thanks for you attention to this subject.
BR
,
|
Carlos Figueiredo
Technical Manager / Senior System Analyst
Defence & Security Systems
carlos.figueiredo@…1177…
|
Tel: +351.212945900
Mobile: +351. 937 673 523
Fax: +351.212945999
|
Rua Calvet Magalhães, 245
2770-153 Paço de Arcos · Portugal
www.edisoft.pt
|
|
……………………………………………………………………………
A informação contida neste e-mail e quaisquer documentos anexos são propriedade da EDISOFT e poderão ser confidenciais. Se não for o destinatário pretendido, por favor, comunique-nos de imediato, enviando-nos esta mensagem de volta e destruindo-a em seguida. Fica desde já advertido de que é estritamente proibida qualquer revisão, divulgação, distribuição, cópia ou qualquer outra utilização deste e-mail.
The information contained in this e-mail and any attachments are the property of EDISOFT and may be confidential. If you are not the intended recipient, please notify us immediately, send this message back to us and destroy it. You are hereby notified that any review, dissemination, distribution, copying or otherwise use of this e-mail is strictly prohibited
GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
–
Vriendelijke groeten / Kind regards,
Jose García
Veenderweg 13
6721 WD Bennekom
The Netherlands
T: +31 (0)318 416664
Please consider the environment before printing this email.