I'm surprised I haven't seen a post on LiveCode's vulnerability to log4j CVEs:
CVE-2021-44228
CVE-2021-45046
CVE-2021-45105
Anyone using LiveCode in a business environment will need documentation on if LiveCode is vulnerable (versions) and if so how it handles the vulnerability.
Thanks!
Log4j Vulnerabilities?
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller
Re: Log4j Vulnerabilities?
Well, the log4j/log4j2 vulnerabilities are in java, so I'd suspect that any effects in LiveCode would be limited to the Android platform. And even those wouldn't pertain to LiveCode per se, but to the underlying operating system the delivered stack is running on. CVE-2021-44228 is fairly easy to mitigate by updating java. Here are some details:
https://www.synopsys.com/blogs/software ... -analysis/
https://logging.apache.org/log4j/2.x/security.html
https://www.synopsys.com/blogs/software ... -analysis/
https://logging.apache.org/log4j/2.x/security.html
PowerDebug http://powerdebug.ahsoftware.net
PowerTools http://www.ahsoftware.net/PowerTools/PowerTools.irev
PowerTools http://www.ahsoftware.net/PowerTools/PowerTools.irev
Re: Log4j Vulnerabilities?
Hi OldUncleRon,
welcome to the forum!
Will move this thread to the "Talking Livecode" forum.
Best
Klaus
P.S.
Personal not:
A little "Hello" or something would not have hurt for the very first posting.
welcome to the forum!
Will move this thread to the "Talking Livecode" forum.
Best
Klaus
P.S.
Personal not:
A little "Hello" or something would not have hurt for the very first posting.