[Davmail-users] Davmail and the CVE-2021-44228-Log4j?
Brought to you by:
mguessan
Menu
▾
▴
[Davmail-users] Davmail and the CVE-2021-44228-Log4j?
|
From: Ole H. N. <Ole...@fy...> - 2021-12-14 11:26:07
|
Hi, We have installed davmail 6.0.1 dated Dec. 3, 2021 as an RPM on CentOS 7.9. However, it's only a few days ago that the Vulnerability in Apache Log4j (CVE-2021-44228-Log4j) was announced. We note that Davmail includes a log4j component: $ rpm -ql davmail | grep log4j /usr/share/davmail/lib/log4j-1.2.16.jar /usr/share/davmail/lib/slf4j-log4j12-1.7.25.jar Question: Is davmail vulnerable to log4j? If so, when could we expect a security fix? Thanks, Ole -- Ole Holm Nielsen PhD, Senior HPC Officer Department of Physics, Technical University of Denmark |
