Hi OME team,
Our over-zealous computer security folks scanned the OMERO server I run (version 5.6.12) and found an old and insecure version (v. 1.2.17) of log4j.jar in both the server and client locations in the installation. The paths are:
/opt/omero/server/OMERO.server-5.6.12-ice36/lib/server/log4j.jar
/opt/omero/server/OMERO.server-5.6.12-ice36/lib/client/log4j.jar
Looking back at the security assessment (CVE-2021-44228 ("Log4Shell") Assessment | Open Microscopy Environment (OME)) you guys did in 2021, it appears that there shouldn't be a log4j package in OMERO at all. Did something sneak in accidentally in the 5.6.12 build? The 5.6.11 build appears not to have them. If so, can I simply delete those log4j.jar files?
Thanks for a rapid response, Damir
Based on the assessment performed in the issue above and discussions with @dominikl, @will-moore and @dgault, the root cause has been identified. Users are safe to delete the following JARs from their 5.6.12 distributions:
lib/server/byte-buddy-agent.jar
lib/server/byte-buddy.jar
lib/server/jcommander.jar
lib/server/log4j.jar
lib/server/mockito-core.jar
lib/server/mockito-inline.jar
lib/server/slf4j-jdk14.jar
lib/server/slf4j-log4j12.jar
lib/server/testng.jar
lib/client/byte-buddy-agent.jar
lib/client/byte-buddy.jar
lib/client/jcommander.jar
lib/client/log4j.jar
lib/client/mockito-core.jar
lib/client/mockito-inline.jar
lib/client/slf4j-jdk14.jar
lib/client/slf4j-log4j12.jar
lib/client/testng.jar
The OME team is light on staff at the moment with summer holidays in full swing, but next week we should be able to decide whether to release 5.6.13 with builds based on the reversion to Ivy 2.4.0 (Revert "Upgrade Ivy to 2.5.2" (Fixes #6405) by chris-allan · Pull Request #6406 · ome/openmicroscopy · GitHub) or to pursue changes to restore 2.4.0-like functionality with Ivy 2.5.2. Such a release is unlikely to contain any changes beyond a resolution of this build regression.
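One way to script the cleanup the reply above prescribes, as an added example that is not OME tooling and not part of the original post: the JAR list is copied verbatim from the reply, the installation root is a parameter (the /opt/omero/server/OMERO.server-5.6.12-ice36 path from the question is only a default), and the manifest check assumes Info-ZIP `unzip` is installed so a scanner's 1.2.17 finding can be confirmed before anything is removed. A count of stray JARs before and after makes it easy to verify that every listed file is gone and nothing else was touched.

```shell
#!/bin/sh
# Added example, not part of the OMERO distribution or the OME team's post.
# Removes the test-only JARs that the 5.6.12 build shipped by mistake, using
# exactly the paths listed in the reply above. The installation root is a
# parameter; the path from the original question is only a default here.

# Paths named in the reply, relative to the OMERO.server root.
STRAY_JARS="
lib/server/byte-buddy-agent.jar
lib/server/byte-buddy.jar
lib/server/jcommander.jar
lib/server/log4j.jar
lib/server/mockito-core.jar
lib/server/mockito-inline.jar
lib/server/slf4j-jdk14.jar
lib/server/slf4j-log4j12.jar
lib/server/testng.jar
lib/client/byte-buddy-agent.jar
lib/client/byte-buddy.jar
lib/client/jcommander.jar
lib/client/log4j.jar
lib/client/mockito-core.jar
lib/client/mockito-inline.jar
lib/client/slf4j-jdk14.jar
lib/client/slf4j-log4j12.jar
lib/client/testng.jar
"

# Print the Implementation-Version header from a JAR's manifest so the
# scanner's finding can be confirmed before deleting. Assumes Info-ZIP unzip;
# prints "missing" for an absent file and "unknown" if the header or the
# tool is not available.
log4j_version() {
  jar="$1"
  [ -f "$jar" ] || { echo "missing"; return 0; }
  command -v unzip >/dev/null 2>&1 || { echo "unknown"; return 0; }
  unzip -p "$jar" META-INF/MANIFEST.MF 2>/dev/null \
    | tr -d '\r' \
    | awk -F': *' '/^Implementation-Version:/ { print $2; found = 1 }
                   END { if (!found) print "unknown" }'
}

# Count how many of the stray JARs are still present under the given root.
count_stray_jars() {
  root="$1"
  n=0
  for rel in $STRAY_JARS; do
    if [ -f "$root/$rel" ]; then
      n=$((n + 1))
    fi
  done
  echo "$n"
}

# Delete only the JARs from the list; anything else under lib/ is left alone.
remove_stray_jars() {
  root="$1"
  for rel in $STRAY_JARS; do
    if [ -f "$root/$rel" ]; then
      rm -f "$root/$rel"
      echo "removed $root/$rel"
    fi
  done
}

# Usage: sh remove_stray_jars.sh /opt/omero/server/OMERO.server-5.6.12-ice36
if [ $# -ge 1 ]; then
  ROOT="$1"
  echo "lib/server/log4j.jar manifest version: $(log4j_version "$ROOT/lib/server/log4j.jar")"
  echo "stray JARs present before cleanup: $(count_stray_jars "$ROOT")"
  remove_stray_jars "$ROOT"
  echo "stray JARs present after cleanup:  $(count_stray_jars "$ROOT")"
fi
```

Run it against the OMERO.server root while the server is stopped, and expect the "after" count to be 0; a non-zero count means a listed file could not be removed and should be inspected by hand. The manifest check is only a convenience for matching the scanner's report; it does not alter anything.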
Hi All,
We just released OMERO 5.6.13, which reverts the build issues discussed above; see Release of OMERO.server 5.6.13.
Thanks for the report @dsudar,
Regards,