Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

code.wireshark.org shutdown

From: Gerald Combs <gerald () wireshark org>
Date: Fri, 10 Dec 2021 09:47:28 -0800
Hi all,

A severe vulnerability was recently discovered in log4j (CVE-2021-44228), which allows remote code execution:

https://www.lunasec.io/docs/blog/log4j-zero-day/

Code.wireshark.org was running Gerrit 2.14.11, which includes log4j 1.2.17, which appears to be vulnerable to this 
issue:

https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126

Our Gerrit instance was scheduled to be decommissioned on February 23rd, but given the potential severity of the issue 
I did so a few minutes ago.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: