Comments (7)
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
So if an attacker has access to your eclipse installation your are lost anyways and he can execute any code...
from equinox.bundles.
still need an update to 1.2.9+ to close the possible vector
from equinox.bundles.
First you need to determine what feature is installing these bundles. I assume it is not any of the features from the actual Eclipse IDE project (Equinox, PDE, JDT, Platform), because I don't see these bundles installed on my base installation.
from equinox.bundles.
Eclipse IDE for Enterprise Java and Web Developers (includes Incubating components)
Version: 2022-03 (4.23.0)
Build id: 20220310-1457
*** Plug-in Registry:
ch.qos.logback.classic (1.2.3.v20200428-2012) "Logback Classic Module" [Resolved]
Id: ch.qos.logback.classic, Version: 1.2.3.v20200428-2012, Location: reference:file:plugins/ch.qos.logback.classic_1.2.3.v20200428-2012.jar
from equinox.bundles.
I would venture the plugins are installed by m2e. So you should open an issue with m2e.
from equinox.bundles.
I think we can close this issue here.
from equinox.bundles.
Yes, m2e would be satisfied with higher versions but it's the only thing bound to these older versions:
@jonahgraham FYI.
from equinox.bundles.
Related Issues (15)
- There is a new test fail caused by this change, tests must be updated too. HOT 2
- Create equinox repo to merge equinox.bundles and equinox.framework into it HOT 22
- -Dosgi.dataAreaRequiresExplicitInit=true doesn't work anymore HOT 5
- Publish the a "BundleStateScope" as an IScopeContext service (factory)
- Build failure in 4.24 I-Build: I20220428-0120 HOT 5
- java.lang.IllegalArgumentException: Declaration is invalid in recent builds HOT 4
- org.eclipse.equinox.preferences has wrong version HOT 6
- Enable Discussions? HOT 2
- Storage location for ConfigAdmin HOT 9
- Incorrect `org.osgi.service.prefs` dependency in org.eclipse.equinox.preferences-3.10.0 HOT 68
- org.osgi.service.prefs.Preferences cannot be resolved. It is indirectly referenced from required .class files HOT 2
- Archive this repository HOT 9
- UnsupportedClassVersionError due to fix on org.osgi.service.prefs HOT 11
- org.eclipse.equinox.http.jetty has 1 resolution problems.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from equinox.bundles.