Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

AWS NoSQL Workbench log4j

0

Can you point me to someone that can confirm for a customer that NoSQL Workbench is not using Log4j?

Temas
Base de datos
Etiquetas
Amazon DynamoDB
Idioma
English
profile pictureAWS
Tim Seyfried
preguntada hace 2 años250 visualizaciones
1 Respuesta
1
Respuesta aceptada

NoSQL Workbench is an electron app and doesn't use Java so wouldn't be vulnerable to log4j. You can download the source code here: https://aws.amazon.com/nosql/nosql-workbench-license/source-code-notice/

AWS
Chris Pollard
respondido hace 2 años
  • Tim Seyfried
    hace 2 años

    In the documentation, it says JavaScript is used.
    Can you clarify if it is vulnerable to the log4j issue?

    Documentation: https://www.electronjs.org/docs/latest/ What is Electron? Electron is a framework for building desktop applications using JavaScript, HTML, and CSS. By embedding Chromium and Node.js into its binary, Electron allows you to maintain one JavaScript codebase and create cross-platform apps that work on Windows, macOS, and Linux — no native development experience required.

  • Chris Pollard
    hace 2 años

    log4j is a vulnerability that affects a Java dependency. Javascript is different from Java and a JavaScript program cannot depend on the Java log4j library. Therefore, NoSQL Workbench is not vulnerable to the log4j issue.

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante