CCSTUDIO: Log4j vulnerability

Danilo A.

Part Number: CCSTUDIO

Hi Team,

Our customer would like to confirm if our software tools like Code Composer Studio IDE are affected by the log4j vulnerability issue?

Regards,

Danilo

over 3 years ago

0 JohnS over 3 years ago

TI__Guru**** 162325 points

Danilo,

We have a couple threads on this topic. We will have an official response shortly.

Regards,

John

0 Danilo A. over 3 years ago in reply to JohnS

TI__Mastermind 28800 points

Hi John,

Thank you for your response. We will wait for the official response.

Regards,

Danilo

+1 JohnS over 3 years ago in reply to Danilo A.

TI__Guru**** 162325 points

Danilo,

Here is our official response.

Code Composer Studio is not impacted by the vulnerability that has been identified in log4j. Code Composer Studio includes Eclipse CDT which does include log4j. However, the version that is included is 1.2.15. This version is not impacted by the vulnerability.

For more information please see these references:

https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) This site summarizes various Eclipse projects and their log4j status. The relevant entry is Eclipse CDT.
https://logging.apache.org/log4j/2.x/security.html Under the mitigation section it shows that log4j 1.x is not impacted by the vulnerability.

Regards,

John

0 Danilo A. over 3 years ago in reply to JohnS

TI__Mastermind 28800 points

Hi John,

Thank you very much for the confirmation that the Code Composer Studio is not affected by the log4j vulnerability issue.

Regards,

Danilo

Processors

Processors forum

CCSTUDIO: Log4j vulnerability