Products from Eclipse Software foundation has been less affected by Log4j vulnerability. Except one or 2 products most of the others doesn’t use Log4j for logging mechanism so they are not impacted. Even though some of the products use 1.x version of Log4j, this vulnerability doesn’t affect those versions. Eclipse Team has come out with a status page on the list of affected and not affected products (Some the below products use logj 2.15.x which is also vulnerable so upgrade to the latest log4j 2.16.0
Products impacted: Passage & Eclipse Packaging Project
Products not impacted by CVE-2021-44228:
- Eclipse Installer
- Eclipse SDK
- EGit
- Jetty
- StatET
- Web Tools Platform
- Scout Runtime
- Eclipse Hawk
- Eclipse Theia
- Eclipse Dash
- Linux Tools
- Eclipse JKube
- Eclipse Modeling Framework (EMF)
- XML Schema Definition (XSD)
- JustJ
- Oomph
- CDO Model Repository
- EMF Teneo
- N4JS
- Eclipse Krazo
- Eclipse APP4MC IDE
- Eclipse APP4MC Cloud Service Manager
- Eclipse APP4MC Cloud Services
- Eclipse GlassFish
- Eclipse RAP
- Eclipse SWTChart
- Eclipse ChemClipse
- VIATRA
- Sirius
- EMF Validation
- EMF Transaction
- GMF Runtime
- Ecore Tools
- EMF Compare
- Acceleo
- Graphiti
- Eclipse BaSyx
- Eclipse Lyo
- Eclipse mdmbl
- Eclipse Capella
- Eclipse Kitalpha
- Eclipse Amalgam
- Eclipse Diffmerge
- Eclipse EGF
- Eclipse Memory Analyzer
- Eclipse Babel
- Eclipse Collections
- Cyclone DDS
- Eclipse OneOFour
- Eclipse Titan
- Eclipse Californium
- Eclipse Hara
- CHESS
- Eclipse Hono
- Buildship
- Eclipse Mosquitto
- Eclipse Streamsheets
- Eclipse Cloe
- Trace Compass
- Trace Compass Incubator
- Eclipse CDT
- Eclipse Embed CDT
- Eclipse LSP4J
- Eclipse LSP4E
- Eclipse PTP
- Eclipse SUMO
- Eclipse tinydtls
- Eclipse Che
- Eclipse Kura
- Eclipse GLSP
- Eclipse ESCET
- EclipseLink
- Eclipse Metro
- Eclipse Angus
- Eclipse Parsson