Comments (1)
zacthompson
commented on July 3, 2024
Inaccurate to say "It does not have a workaround":
https://logging.apache.org/log4j/2.x/security.html#fixed-in-log4j-2-8-2-java-7
Java 6 users should avoid using the TCP or UDP socket server classes, or they can manually backport the security fix commit from 2.8.2.
Since this codebase only uses the Logger interface, there's nothing in here that would be directly affected by that CVE - users would have to be explicitly adding references in their own applications in order to get hit by the bug.
However, updating to a more recent version of log4j would eliminate the risk to users, at the small cost of dropping support for Java 6, which seems like a reasonable tradeoff in 2023.
from fuelsdk-java.
Related Issues (20)
- [BUG] FuelSdk is not compatible with Java 11 HOT 10
- [BUG] Issue updating ETAsset using client.update()
- [BUG]
- [Enhancement] Support PUT method for ETRestConnection
- Retrieve Automation Object
- Successfully execute update data extension row in SDK, but the row in SFMC is not updated.
- [BUG] ErrorCodeId is not present in the SubscriberResult in etframework.wsdl which is causing un-marsheling exceptions HOT 3
- [BUG] ETLClient createDataExtensionDataRow have too long size of the request headers for field User-Agent and request failed
- [BUG] High vulnerabilities found in org.apache.cxf_cxf-core version 3.1.2 HOT 1
- [CVE-2021-44228] zero-day in the Log4j Java library HOT 15
- [BUG] Message xxxx is not valid for the client.
- [ISSUE] - Initiate ET client throwing Runtime modeler execption HOT 1
- Tenant's endpoint API integrations update HOT 1
- [Enhancement] - Replace log4j by a logging facade
- [BUG] variable [soap] is not assigned if variable [continueRequestId] is not null HOT 1
- [Enhancement] Expose Parent Id on ETFolder
- [Enhancement] Add support for Spring Boot 3 / add Jakarta-based artifact
- [Enhancement] - support java 17
- [BUG] Can't create Asset HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fuelsdk-java.