[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Log4j Vulnerability Status
From: |
Jean Abou Samra |
Subject: |
Re: Log4j Vulnerability Status |
Date: |
Mon, 7 Feb 2022 23:58:21 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 |
Le 07/02/2022 à 23:23, Murphy Sifa a écrit :
Hi Lilypond Software,
We are analysing our suite of SaaS vendors for exposure to the log4j
vulnerability. I can’t find a statement on your page about the
products that La Trobe is using.
Can you please provide me with the log4j vulnerability status of your
products?
Thank you
IS-Security La Trobe University
Well, LilyPond is not SaaS (and also free/libre software and
not sold by the way), and does not run in a web browser but
on your computer. The log4shell vulnerability has no relevance
for LilyPond. It may be relevant if you are using LilyPond
through some kind of Web-based editor, in which case you
would have to contact that team for information.
Best regards,
Jean