
Log4j Security Vulnerability

Open manuelschwarze opened this issue 3 years ago • 1 comments

The RDKit nodes plugin makes use of the OPSIN library, which has a dependency on log4j 2.14.1 in our current RDKit nodes version. It is kind of hidden, because we built the OPSIN library into a single JAR file that bundles all dependencies. I raised an issue in the OPSIN project yesterday, and Dan has fixed it immediately, updating to log4j 2.15.1. We should get that update into the RDKit nodes ASAP for the nightly build, and should also consider releasing it to KNIME 4.3, 4.4 and 4.5. @greglandrum, I will require your code review and approval.

manuelschwarze, Dec 14 '21 17:12

No worries. I will review the PR once it comes in. I would like to update the RDKit binaries before we do a release; PR for that coming this week.

greglandrum, Dec 14 '21 19:12
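Added example, not part of the issue thread and not RDKit or OPSIN code: a log4j-core copy bundled inside a single JAR, as the issue describes, can be found by walking the archive and any archives nested in it. It assumes the bundling kept Maven's `pom.properties` metadata and did not relocate the log4j packages; the archive and file names in the sample are constructed.

```python
import io
import zipfile

# Standard Maven metadata path and the JNDI lookup class inside log4j-core.
POM_SUFFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_jar(data, path="<jar>"):
    """Return (location, version, has_jndi_lookup) for each log4j-core copy,
    descending into nested archives. version is None if metadata is missing."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        version = None
        for name in names:
            if name.endswith(POM_SUFFIX):
                text = zf.read(name).decode("utf-8", "replace")
                for line in text.splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
        has_jndi = JNDI_CLASS in names
        if version or has_jndi:
            findings.append((path, version, has_jndi))
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT):
                try:
                    findings += scan_jar(zf.read(name), f"{path}!/{name}")
                except zipfile.BadZipFile:
                    pass  # not a readable archive despite its extension
    return findings

def build_sample_plugin():
    """Constructed sample: a plugin archive whose lib/ holds one fat JAR
    that bundles log4j-core 2.14.1 (the version named in the issue)."""
    fat = io.BytesIO()
    with zipfile.ZipFile(fat, "w") as zf:
        zf.writestr("example/App.class", b"")
        zf.writestr(POM_SUFFIX, "groupId=org.apache.logging.log4j\n"
                                "artifactId=log4j-core\nversion=2.14.1\n")
        zf.writestr(JNDI_CLASS, b"")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("plugin.xml", "<plugin/>")
        zf.writestr("lib/bundled-deps.jar", fat.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for location, version, has_jndi in scan_jar(build_sample_plugin()):
        print(f"{location}: log4j-core {version}, JndiLookup present: {has_jndi}")
```

A finding with a version of `None` but `JndiLookup` present means the metadata was stripped during bundling, so the version has to be established another way.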