As one of the points of contact at CERT for LLVM, I've received messages from CERT asking if LLVM is affected by any of the recent log4j vulnerabilities: *CVE-2021-45105*, *CVE-2021-4104*, *CVE-2021-45046* and *CVE-2021-44228*. It seems CERT is reaching out to every single vendor registered with them about these vulnerabilities.
As far as I know no LLVM sub-project uses Java, so LLVM should not be vulnerable to any of the log4j issues. Before I go ahead and record in the CERT database that LLVM is not affected, I thought I'd just double check if anyone is aware of any use of Java in LLVM and/or any potential way LLVM could be affected by the recent log4j issues? Thanks, Kristof
_______________________________________________ lldb-dev mailing list lldb-dev@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-dev
