Arduino Hardware Support Package Log4j CVE-2021-44228 Vulnerability

11 visualizzazioni (ultimi 30 giorni)
James Cox
James Cox il 16 Dic 2021
Commentato: Volker il 29 Mar 2022
I see in the Mathworks Trust Center you have posted a response to CVE-2021-44228 Log4j vulnerability. A scan of our Matlab installation reveals Log4J version 2.12.0 in folder:
\MATLAB\SupportPackages\R2021a\aIDE\lib
I believe this is related to the installed Arduino hardware support package. This looks like the same file version shipped with the Arduino IDE version 1.8.16.
Does the Trust Center statement cover this and similar Arduino support packages?

Accedi per rispondere a questa domanda.

Risposte (1)

Sebastian
Sebastian il 21 Dic 2021
We are aware of this vulnerability. The issue arises from use of the third-party Arduino toolchain and IDE that is required by our support package.
Here is the link to Arduino’s response : Arduino's response to Log4j2 vulnerability CVE-2021-44228 – Arduino Help Center.
We are intending to update Arduino IDE that our Support Package uses as soon as feasible
  3 Commenti
Mostra 1 commento meno recente
Nick Moore
Nick Moore il 6 Gen 2022
When should we expect an update to be released? Arduino removed log4j on 12-21.
Volker
Volker il 29 Mar 2022
What is the staus of that fix? I cannot find any answer that it was fixed by now

Accedi per commentare.

Categorie

Scopri di più su Arduino Hardware in Help Center e File Exchange

Tag

Prodotti


Release

R2021a

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by