Assess whether Eclipse ESCET is vulnerable to Apache Log4j2 vulnerability (CVE-2021-44228)
A message was sent entitled "[eclipse.org-committers] PLEASE ACT: self-assess your project's vulnerability (or not) to log4j2 / CVE-2021-44228" (see https://www.eclipse.org/lists/eclipse.org-committers/msg01334.html).
It states:
You're certainly aware of the recent log4j2 vulnerability (CVE-2021-44228). Your users may have questions with regards to your project. Your users may want to know that your project is not vulnerable. Please take a moment to add your project to the table on this Wiki page. Multiple rows, for multiple versions, are most welcome.
https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)
I will ensure that this information gets broadcast on Dec 14, once there is some information in the table.
We should check this for Eclipse ESCET and add it to the list of the mentioned Wiki page.
For more information on this CVE, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228.