Arduino Hardware Support Package Log4j CVE-2021-44228 Vulnerability

11 visualizaciones (últimos 30 días)
James Cox
James Cox el 16 de Dic. de 2021
Comentada: Volker el 29 de Mzo. de 2022
I see in the Mathworks Trust Center you have posted a response to CVE-2021-44228 Log4j vulnerability. A scan of our Matlab installation reveals Log4J version 2.12.0 in folder:
\MATLAB\SupportPackages\R2021a\aIDE\lib
I believe this is related to the installed Arduino hardware support package. This looks like the same file version shipped with the Arduino IDE version 1.8.16.
Does the Trust Center statement cover this and similar Arduino support packages?

Iniciar sesión para responder a esta pregunta.

Respuestas (1)

Sebastian
Sebastian el 21 de Dic. de 2021
We are aware of this vulnerability. The issue arises from use of the third-party Arduino toolchain and IDE that is required by our support package.
Here is the link to Arduino’s response : Arduino's response to Log4j2 vulnerability CVE-2021-44228 – Arduino Help Center.
We are intending to update Arduino IDE that our Support Package uses as soon as feasible
  3 comentarios
Mostrar 1 comentario más antiguo
Nick Moore
Nick Moore el 6 de En. de 2022
When should we expect an update to be released? Arduino removed log4j on 12-21.
Volker
Volker el 29 de Mzo. de 2022
What is the staus of that fix? I cannot find any answer that it was fixed by now

Iniciar sesión para comentar.

Categorías

Más información sobre Arduino Hardware en Help Center y File Exchange.

Etiquetas

Productos


Versión

R2021a

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by