Log4j Vulnerabilities?

Anything beyond the basics in using the LiveCode language. Share your handlers, functions and magic here.

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, robinmiller

Post Reply
OldUncleRon
Posts: 1
Joined: Mon Dec 20, 2021 10:34 pm

Log4j Vulnerabilities?

Post by OldUncleRon » Mon Dec 20, 2021 10:43 pm

I'm surprised I haven't seen a post on LiveCode's vulnerability to log4j CVEs:
CVE-2021-44228
CVE-2021-45046
CVE-2021-45105

Anyone using LiveCode in a business environment will need documentation on if LiveCode is vulnerable (versions) and if so how it handles the vulnerability.

Thanks!

mwieder
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 3581
Joined: Mon Jan 22, 2007 7:36 am
Location: Berkeley, CA, US
Contact:

Re: Log4j Vulnerabilities?

Post by mwieder » Tue Dec 21, 2021 4:09 am

Well, the log4j/log4j2 vulnerabilities are in java, so I'd suspect that any effects in LiveCode would be limited to the Android platform. And even those wouldn't pertain to LiveCode per se, but to the underlying operating system the delivered stack is running on. CVE-2021-44228 is fairly easy to mitigate by updating java. Here are some details:

https://www.synopsys.com/blogs/software ... -analysis/
https://logging.apache.org/log4j/2.x/security.html

Klaus
Posts: 13806
Joined: Sat Apr 08, 2006 8:41 am
Location: Germany
Contact:

Re: Log4j Vulnerabilities?

Post by Klaus » Tue Dec 21, 2021 1:53 pm

Hi OldUncleRon,

welcome to the forum!
Will move this thread to the "Talking Livecode" forum.

Best

Klaus

P.S.
Personal not:
A little "Hello" or something would not have hurt for the very first posting.

Post Reply

Return to “Talking LiveCode”