Exciting changes are coming as we upgrade our community website. You may notice a fresh new look and some differences in how things work. We will post more details soon and can’t wait to welcome you to our improved space!

Forum Discussion

HZO-GB's avatar
HZO-GB
Active Contributor
2 years ago
Solved

CVE-2018-1285 Apache log4net XML External Entity Vulnerability

********************************** EDIT1: 2024/05/06 DESPITE THE "SOLVED" MARKINGS THE VULNERABILITY REMAINS. DO NOT BE FOOLED BY GOTO! **********************************   Why is this ancient C...
  • GlennD's avatar
    GlennD
    2 years ago

    Hi HZO-GB, welcome to the community.

     

    The team is aware of this issue and it is being worked on currently. When an update is available I will share it here.

     

GlennD's avatar
GlennD
GoTo Manager
2 years ago

Hi HZO-GB, welcome to the community.

 

The team is aware of this issue and it is being worked on currently. When an update is available I will share it here.

 

HZO-GB's avatar
HZO-GB
Active Contributor
2 years ago

Thank you GlennD for the update. My complaint is that Apache has patched the DLL since 2020, and yet in 2024 GoTo is still looking into re-compiling the connector software so the new version DLL is added o the latest version.

 

This I find unacceptable from security practices perspective. This is one of the easiest vulnerability to remediate yet here I am opening and re-opening tickets,  posting on the community forum, waiting months and vocally pushing for a patch with no ETA except "we are looking into it"