Log4j Vulnerabilities?

Posted: Mon Dec 20, 2021 10:43 pm
by OldUncleRon
I'm surprised I haven't seen a post on LiveCode's vulnerability to log4j CVEs:
CVE-2021-44228
CVE-2021-45046
CVE-2021-45105

Anyone using LiveCode in a business environment will need documentation on if LiveCode is vulnerable (versions) and if so how it handles the vulnerability.

Thanks!

Re: Log4j Vulnerabilities?

Posted: Tue Dec 21, 2021 4:09 am
by mwieder
Well, the log4j/log4j2 vulnerabilities are in Java, so I'd suspect that any effects in LiveCode would be limited to the Android platform. And even those wouldn't pertain to LiveCode per se, but to the underlying operating system the delivered stack is running on. CVE-2021-44228 is fairly easy to mitigate by updating Java. Here are some details:

https://www.synopsys.com/blogs/software ... -analysis/
https://logging.apache.org/log4j/2.x/security.html

Re: Log4j Vulnerabilities?

Posted: Tue Dec 21, 2021 1:53 pm
by Klaus
Hi OldUncleRon,

welcome to the forum!
Will move this thread to the "Talking Livecode" forum.

Best

Klaus

P.S.
Personal note:
A little "Hello" or something would not have hurt for the very first posting.