From: "austin (Austin Ziegler)" <noreply@...>
Date: 2021-12-23T14:53:19+00:00
Subject: [ruby-core:106778] [Ruby master Bug#18424] Is Ruby is vulnerable to log4j?

Issue #18424 has been updated by austin (Austin Ziegler).


salamani (Ravi Salamani) wrote in #note-2:
> mame (Yusuke Endoh) wrote in #note-1:
> > The Ruby package itself does not depend on log4j. For an application or library written in Ruby, please ask to its maintainer.
> 
> https://github.com/ruby/ruby/blob/master/spec/bundler/resolver/platform_spec.rb#L31 Does it installs log4j?

This is a Ruby spec that verifies bundler. This particular path would only be run by JRuby and possibly TruffleRuby, as CRuby is not written with Java.

----------------------------------------
Bug #18424: Is Ruby is vulnerable to log4j?
https://bugs.ruby-lang.org/issues/18424#change-95480

* Author: salamani (Ravi Salamani)
* Status: Rejected
* Priority: Normal
* ruby -v: master
* Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
I observed that the ruby uses zookeeper, dep "slyphon-log4j", "= 1.2.15".
Is Ruby is vulnerable to log4j?



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>