KiCad affected by log4j security issue?

Dear Forum, dear Support-Team,

As users of KiCad, we are concerned about whether it is affected by the log4j security issue.
https://logging.apache.org/log4j/2.x/

An answer would be highly appreciated.

Thanks in advance.
Matthias

There is no Java code in KiCad.


This post makes me depressed.

It’s a fair question, the Log4j issue is causing havoc and there is a lot of software and equipment that is wide open.
I’m more worried about my router.


Given the way many router manufacturers deliver their firmware updates, I wouldn’t be surprised if some of them are still vulnerable to Shellshock 😛

Just saw that the Arduino IDE released two versions in quick succession to deal with not just the original Log4Shell vulnerability but also a subsequently discovered DoS vulnerability. In the end they just ditched log4j:

ARDUINO 1.8.19 2021.12.20 SECURITY HOTFIX RELEASE

[ide]

  • Removed log4j from IDE. Fix CVE-2021-45105, CVE-2021-45046

Though it’s highly unlikely that an individual’s IDE would be targeted. What I’m more concerned about is some business entity that has my personal information, using Java on their Internet-facing site, getting hacked and the information exfiltrated.
