Wireshark · Wireshark-dev: [Wireshark-dev] code.wireshark.org shutdown

Wireshark-dev: [Wireshark-dev] code.wireshark.org shutdown

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Fri, 10 Dec 2021 09:47:28 -0800

Hi all,

A severe vulnerability was recently discovered in log4j (CVE-2021-44228), which allows remote code execution:

https://www.lunasec.io/docs/blog/log4j-zero-day/

Code.wireshark.org was running Gerrit 2.14.11, which includes log4j 1.2.17, which appears to be vulnerable to this issue:

https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126

Our Gerrit instance was scheduled to be decommissioned on February 23rd, but given the potential severity of the issue I did so a few minutes ago.

Prev by Date: Re: [Wireshark-dev] ISO-8601 date support
Next by Date: [Wireshark-dev] Wireshark do not stop extcap on exit if no packets received yet
Previous by thread: Re: [Wireshark-dev] ISO-8601 date support
Next by thread: [Wireshark-dev] Wireshark do not stop extcap on exit if no packets received yet
Index(es):
- Date
- Thread