[ovirt-users] Re: Is vulnerable log4j package necessary in my ovirt repo?

Thursday, 16 December 2021

What does it matter if its in the repo but not installed? It would only 
be vulnerable to you if installed no?

------ Original Message ------
From: "Henry lol" <pub.virtualization(a)gmail.com&gt;
To: "users" <users(a)ovirt.org&gt;
Sent: 16/12/2021 7:17:14 PM
Subject: [ovirt-users] Is vulnerable log4j package necessary in my ovirt 
repo?

...
Hello,

I found that the vulnerable log4j-2.13.0-1 package is in oVirt
repository, but not installed even after the oVirt setup.
So, I want to remove that package from my private oVirt repository if
it's not necessary.

but I'm not sure what will happen by doing so. Is there any side effects?
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/7HGX3H7JFU4...

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[ovirt-users] Re: Is vulnerable log4j package necessary in my ovirt repo?