Menu
▾
▴
Re: [Gmod-ajax] JBrowse - log4js vulnerability
|
From: Colin <col...@gm...> - 2022-01-04 17:42:35
|
Hi there I am aware of the log4j issue but this particular warning is not really a concern in my opinion. To put this in perspective, jbrowse does not have any server side code that "runs", it is just a set of js css and html e.g. static resources, so this log4j code is not "running" anywhere on your machine -Colin On Tue, Jan 4, 2022, 10:11 AM Istvan Nagy <ist...@qg...> wrote: > Hi All, > > I am running a public genome browser with runnin It appears that > jbrowse-1.16.10. > > It appears the JBrowse has log4j security issue: > > > =============================================================================== > > [WARNING] [42 - contains log4j files] > /usr/local/jbrowse/node_modules/dojo-util/buildscripts/cldr/lib/bsf.jar > [WARNING] [43 - contains log4j files] > > /usr/local/jbrowse/node_modules/dojo-util/buildscripts/cldr/lib/commons-logging-1.1.1.jar > [WARNING] [55 - contains log4j files] > > /usr/local/jbrowse-1.16.10-release/node_modules/dojo-util/buildscripts/cldr/lib/bsf.jar > [WARNING] [56 - contains log4j files] > > /usr/local/jbrowse-1.16.10-release/node_modules/dojo-util/buildscripts/cldr/lib/commons-logging-1.1.1.jar > [WARNING] This script does not guarantee that you are not vulnerable, > but is a strong hint. > ============================================================================== > > > > I am wondering whether a security update for JBrowse 1.x is planned in > the near future ? > > > Thanks > > Istvan > > -- > Med venlig hilsen / Kind regards > Istvan Nagy > > Center for Quantitative Genetics and Genomics > AARHUS UNIVERSITET / AARHUS UNIVERSITY > Forsøgsvej 1 > DK-4200 Slagelse, Denmark > Tel: +45 8715 6000 > Email: ist...@qg... > +45 8715 8208 (direct) > Web: http://www.au.dk > > _______________________________________________ > Gmod-ajax mailing list > Gmo...@li... > https://lists.sourceforge.net/lists/listinfo/gmod-ajax > |
