Please double-check for vulnerable bundled log4j
Date: Mon, 20 Dec 2021 11:11:05 UTC
Dear maintainer,

You are maintaining at least one of the ports listed in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260421#c9. They seem to bundle a potentially vulnerable log4j version.

In case you have not looked into this already, please:

* Double check if your port(s) are at risk.
* Check if there are fixes available upstream and if so, prepare the fixes for your port as soon as possible.
* If fixes are not yet available, please open a bug in bugzilla and mark it as blocking for https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260421 so we don't lose track of it. Also please keep checking for upstream fixes regularly and update the port as soon as you can.

Thank you and best regards

For ports-secteam
Riggs