[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] [EXTERNAL] Re: HTCondor and log4j status?

Thanks Jaime for the update. To be clear, there are some settings for log4j related to HDFS, but default installation of HTCondor doesn’t involve that correct?






Michael Fienen, Ph. D.
Research Hydrologist
United States Geological Survey

Upper Midwest Water Science Center
1 Gifford Pinchot Drive

Madison, Wisconsin 53726
phone:  608.821.3894




From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Jaime Frey <jfrey@xxxxxxxxxxx>
Date: Tuesday, December 14, 2021 at 11:17 AM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [EXTERNAL] Re: [HTCondor-users] HTCondor and log4j status?


 This email has been received from outside of DOI - Use caution before clicking on links, opening attachments, or responding.  


There is a little bit of java code in HTCondor that assists in running user applications written in java (i.e. the java universe), but none of it uses log4j. To our knowledge, the HTCondor Software Suite is not affected by the CVE-2021-44228 log4j vulnerability.


 - Jaime

On Dec 13, 2021, at 8:35 PM, Hitchen, Greg (IM&T, Kensington WA) <Greg.Hitchen@xxxxxxxx> wrote:


That was my impression too Steve. Just after a statement from the developers.


From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Steven C Timm
Sent: Tuesday, 14 December 2021 10:25 AM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] HTCondor and log4j status?


htcondor is not written in Java, why would there be any log4j dependencies?  Checked all my condor installations and don't see log4j as part of it.  Of course there should be an official note from the developers.





From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Hitchen, Greg (IM&T, Kensington WA) <Greg.Hitchen@xxxxxxxx>
Sent: Monday, December 13, 2021 4:55 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] HTCondor and log4j status?


Hi All


Just wondering if or when the HTCondor Team might be able to release information about HTCondor and the

CVE-2021-44228 log4j vulnerability.


e.g. not used so no problem, or used but old version not impacted, or used and this is the mitigation/upgrade.


We, and I assume every other IT dept. are being pushed hard for info from vendors about this.







HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: