[cfe-dev] Are any LLVM components affected by the recent log4j issues?
Kristof Beyls via cfe-dev
cfe-dev at lists.llvm.org
Wed Dec 22 23:30:31 PST 2021
As one of the points of contact at CERT for LLVM, I've received messages
from CERT asking if LLVM is affected by any of the recent log4j
vulnerabilities: *CVE-2021-45105*, *CVE-2021-4104*, *CVE-2021-45046* and
*CVE-2021-44228*. It seems CERT is reaching out to every single vendor
registered with them about these vulnerabilities.
As far as I know no LLVM sub-project uses Java, so LLVM should not be
vulnerable to any of the log4j issues.
Before I go ahead and record in the CERT database that LLVM is not
affected, I thought I'd just double check if anyone is aware of any use of
Java in LLVM and/or any potential way LLVM could be affected by the recent
log4j issues?
Thanks,
Kristof
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20211223/9a627ee9/attachment.html>
More information about the cfe-dev
mailing list