Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE 2018-1285 critical vulnerability #426

Open
totszwai opened this issue May 27, 2024 · 1 comment
Open

CVE 2018-1285 critical vulnerability #426

totszwai opened this issue May 27, 2024 · 1 comment

Comments

@totszwai
Copy link

totszwai commented May 27, 2024

Hello, this extension is being flagged with a critical vulnerability

image

Looks like FineCodeCoverage is using an extremely old version of Apache log4net, they already had a fix for this 4 years ago.
https://github.com/apache/logging-log4net/releases

@totszwai
Copy link
Author

I took the latest release from log4net, version 2.0.17.
Grabbed the DLL from the net45 folder and replaced it in my local install of FineCodeCoverage, which seems to get rid of the vulnerability flagging and FineCodeCoverage extension seem to still run just fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant