This thread has been locked.
If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.
Is Code Composer Studio open to exploitation from the Log4J vulnerability since it includes the log4j JAR files within the Eclipse plugins directory (v9.3)?
I could not find CCS or Eclipse mentioned on the GitHub site: GitHub - cisagov/log4j-affected-db
It would be good to get an official response in this. I have not seen any official response on this topic from TI.
Martin,
Code Composer Studio is not impacted by the vulnerability that has been identified in log4j. Code Composer Studio includes Eclipse CDT which does include log4j. However, the version that is included is 1.2.15. This version is not impacted by the vulnerability.
For more information please see these references:
Regards,
John
Hello John,
Is it correct my understanding that all CCS versions are not affected by the log4J vulnerability because the CCS is used Log4j 1.x?
Regards,
Sato
Sato,
Yes this is correct. All versions of CCS are not impacted by the vulnerability.
Regards,
John