Major news carriers have recently been reporting on log4j vulnerabilities in Java applications. Both the OME team in Dundee and Glencoe Software have evaluated the libraries used by OMERO.server and OMERO.insight. We can say with confidence that OMERO and OMERO Plus are not vulnerable, as they do not utilize log4j, and no immediate action needs to be taken.
The only remaining use of log4j in OME software is in the deprecated loci_tools.jar, which we will now be removing. The bioformats_package.jar uber-jar provides the same functionality using the logback library for logging. This has been published as 2021-SV4 log4j in loci_tools.jar.
— December 13, 2021