Arduino Hardware Support Package Log4j CVE-2021-44228 Vulnerability
조회 수: 25 (최근 30일)
이전 댓글 표시
I see in the Mathworks Trust Center you have posted a response to CVE-2021-44228 Log4j vulnerability. A scan of our Matlab installation reveals Log4J version 2.12.0 in folder:
\MATLAB\SupportPackages\R2021a\aIDE\lib
I believe this is related to the installed Arduino hardware support package. This looks like the same file version shipped with the Arduino IDE version 1.8.16.
Does the Trust Center statement cover this and similar Arduino support packages?
댓글 수: 0
답변 (2개)
Sebastian
2021년 12월 21일
We are aware of this vulnerability. The issue arises from use of the third-party Arduino toolchain and IDE that is required by our support package.
Here is the link to Arduino’s response : Arduino's response to Log4j2 vulnerability CVE-2021-44228 – Arduino Help Center.
We are intending to update Arduino IDE that our Support Package uses as soon as feasible
댓글 수: 3
Nick Moore
2022년 1월 6일
When should we expect an update to be released? Arduino removed log4j on 12-21.
Volker
2022년 3월 29일
What is the staus of that fix? I cannot find any answer that it was fixed by now
MathWorks MATLAB Hardware Team
2024년 7월 16일
Hi,
MATLAB versions from R2019a to R2021a have a log4j vulnerability in both the MATLAB and Simulink Support Packages for Arduino hardware.
From R2021b to R2023b, we upgraded our support package to eliminate this vulnerability.
Please consider updating MATLAB to any version after R2021b and installing the support package if you wish to work with Arduino without any vulnerability.
Thanks,
MATLAB Hardware Team
MathWorks
댓글 수: 0
참고 항목
카테고리
Help Center 및 File Exchange에서 MATLAB Support Package for Arduino Hardware에 대해 자세히 알아보기
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!