Staff 9972 Posted ... Hello! We would like to inform you that we have never used the Apache Logging Services and/or Java in general, so any Log4j vulnerability, CVE-2021-44228 included (overall CVSS score 10.0 - critical) doesn't affect AirVPN web site or anything related to AirVPN.https://nvd.nist.gov/vuln/detail/CVE-2021-44228Kind regards and datalove AirVPN Staff 6 JAC-Render, dschubba, spinmaster and 3 others reacted to this Quote Share this post Link to post
OpenSourcerer 1435 Posted ... I like this answer right here on the GitLab forums. Why should someone say they're not vulnerable if their product doesn't use it, or can't even use it due to the language? It was a topic at my work as well. The amount of panic-inducing reactions from management was abysmal. "But GitLab is not running on Java, it's Ruby." "Just contact them and ask for confirmation." "But it's not Java! The vulnerability is in a Java cl…" "Are you so omniscient to know that it's unaffected? Get to it, contact me again when you have something official." I'm slightly speechless. Why should I ask InfluxData whether their Go-written monitoring product uses a Java class? Why should I ask the vendor delivering a Python 3-based software? Why contact someone who wrote something for us in C#? Damn, management can be difficult… Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 9972 Posted ... 13 hours ago, OpenSourcerer said: I like this answer right here on the GitLab forums. Why should someone say they're not vulnerable if their product doesn't use it, or can't even use it due to the language? Hello! In our case, to collectively answer many requests and mitigate the amount of future tickets about it. Kind regards Quote Share this post Link to post
vroomvroom 0 Posted ... 😂 On 12/14/2021 at 8:26 PM, OpenSourcerer said: I like this answer right here on the GitLab forums. It was a topic at my work as well. The amount of panic-inducing reactions from management was abysmal. 😂 That's what the function is of management, no ? Since they have zero technical skills they gotta make themself useful somehow. Quote Share this post Link to post