Some of you might have read about the recently discovered critical vulnerability affecting the Log4J Java logging framework. The OPF maintains a large archive of open-source Java software which we’ve analysed to assess the impact of this issue.
There are three affected Java projects in the OPF’s portfolio but we believe that none of these is likely to be critical to our membership or the wider community.
The affected projects are:
- The Planets Suite: https://github.com/opf-labs/planets-suite
- The SCAPE tool wrapper: https://github.com/openpreserve/scape-toolwrapper
- The format identification results evaluation framework: https://github.com/opf-attic/ref
We have added a warning at the top of the READMEs for these projects for now. We will need to estimate the effort required to address this before deciding whether we attempt to fix the issues or not. Rest assured that neither JHOVE nor veraPDF, our most used Java software, are affected by this.