What does it matter if its in the repo but not installed? It would only be vulnerable to you if installed no? ------ Original Message ------ From: "Henry lol" <pub.virtualization@gmail.com> To: "users" <users@ovirt.org> Sent: 16/12/2021 7:17:14 PM Subject: [ovirt-users] Is vulnerable log4j package necessary in my ovirt repo?

Hello,

I found that the vulnerable log4j-2.13.0-1 package is in oVirt repository, but not installed even after the oVirt setup. So, I want to remove that package from my private oVirt repository if it's not necessary.

but I'm not sure what will happen by doing so. Is there any side effects? _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/7HGX3H7JFU4HBW...