Is the 'apache log4j' vulnabillity a danger for Odoo?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Kế toán
- Tồn kho
- PoS
- Project
- MRP
Câu hỏi này đã bị gắn cờ
3
Trả lời
6753
Lượt xem
Neither Odoo as a product (Community Edition or Enterprise Edition - without third-party Apps), nor Odoo SaaS, Odoo.sh or Odoo IAP services use any java-related technologies that would be vulnerable to this attack, directly or indirectly.
We're monitoring the situation with our subprocessors for the Odoo cloud, but we control the software and OS stacks of our data-processing systems, and customer data is encrypted at rest and in transit, so there should be no possibility of impact.
Third-party Apps/modules that integrate with external systems should however be reviewed by their authors and integrators, as part of a complete inventory of their IT assets and dependencies, in light of CVE-2021-44228.
Is Odoo using Docker in Odoo.sh? Docker using java and they are update it to a new release.
@CortexIT no, docker as a software does not use any Java technology. The update is for the `docker scan` plugin in order to allow it to detect the log4j vulnerability inside docker images. It's not to fix the vulnerability, but to help you detect it if you have it in your docker images.
Also, Odoo.sh doesn't use docker ;-)
@Olivier Thanks for your explanation
There is no java in the default Odoo stack.
Bạn có hứng thú với cuộc thảo luận không? Đừng chỉ đọc, hãy tham gia nhé!
Tạo tài khoản ngay hôm nay để tận hưởng các tính năng độc đáo và tham gia cộng đồng tuyệt vời của chúng tôi!
Đăng ký| Bài viết liên quan | Trả lời | Lượt xem | Hoạt động | |
|---|---|---|---|---|
|
0
thg 6 25
|
435 | ||
|
0
thg 1 25
|
1573 | ||
|
0
thg 1 25
|
1591 | ||
|
1
thg 12 24
|
2130 | ||
|
0
thg 5 24
|
1658 |
