[OS X TeX] log4j use in MacTeX 2021

Gerben Wierda via MacOSX-TeX macosx-tex at email.esm.psu.edu
Sat Dec 25 01:07:41 CET 2021

The CAST tool form Crowdstrike marks /usr/local/texlive/2021/texmf-dist/scripts/arara as something that contains the use of a vulnerable log4j  implementation. Many of these lines appear.


Maybe best to remove it. I did. In Terminal (use at your own risk and especially do not enter any spaces in the command below that aren’t there already, copy paste will be correct):

sudo rm -rf /usr/local/texlive/2021/texmf-dist/scripts/arara

Basically, I don’t know if using array may mean there is a vulnerability (probably not) but as I am strapped for time and I don’t need array, this was th quick and dirty way to get rid of the positive.

Tool used for scanning: https://github.com/CrowdStrike/CAST/releases

Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/macostex-archives/attachments/20211225/7272e14b/attachment.html>
-------------- next part --------------
----------- Please Consult the Following Before Posting -----------
TeX FAQ: http://www.tex.ac.uk/faq
List Reminders and Etiquette: https://sites.esm.psu.edu/~gray/TeX/
List Archives: http://dir.gmane.org/gmane.comp.tex.macosx
TeX on Mac OS X Website: http://mactex-wiki.tug.org/
List Info: https://email.esm.psu.edu/mailman/listinfo/macosx-tex

More information about the macostex-archives mailing list.