[ https://issues.apache.org/jira/browse/DIRSERVER-2362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475305#comment-17475305 ]
Emmanuel Lécharny commented on DIRSERVER-2362: ---------------------------------------------- It all depends on your Log4j configuration. By default, we don't use a JMSAppender. And, yes, we plan to move to Log4j2 at some point, as Log4j1.2 is not maintained anymore. > ApacheDS 2.0.0-M17 references older log4j that has security vulnerabilities > --------------------------------------------------------------------------- > > Key: DIRSERVER-2362 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2362 > Project: Directory ApacheDS > Issue Type: Bug > Affects Versions: 2.0.0-M17 > Reporter: Michael > Priority: Major > > ApacheDS 2.0.0-M17 (apacheds-service-2.0.0-M17.jar) references older log4j > version that might have security vulnerabilities. > Does ApacheDS 2.0.0-M17 log4j reference have security vulnerabilities? > Is there a newer ApacheDS version that uses newer log4j2 that resolves the > security vulnerabilities? > > -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org