[ https://issues.apache.org/jira/browse/JENA-2211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457080#comment-17457080 ]
Rob Vesse commented on JENA-2211:
---------------------------------

Yes the team is aware of the vulnerability and will look to put on a 4.3.1 release ASAP.

Note that provided you are using recent Jena versions you will have a recent enough Log4j2 dependency that the suggested workaround from the Log4j project - adding {{-Dlog4j2.formatMsgNoLookups=true}} to the JVM arguments - can be used in the meantime.

> upgrade log4j2 from 2.14.1 to 2.15.0
> ------------------------------------
>
> Key: JENA-2211
> URL: https://issues.apache.org/jira/browse/JENA-2211
> Project: Apache Jena
> Issue Type: Dependency upgrade
> Reporter: Øyvind Gjesdal
> Priority: Major
>
> There is CVE 2021-4228 for log4j2. Not sure how it affects the different
> artifacts. https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
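
An added example, not part of the original thread or of the Jena project's code: a check that reads the log4j-core version bundled in a jar and reports whether the workaround mentioned above applies. It assumes the jar kept its Maven metadata entry; the 2.10 threshold for the flag comes from the Log4j project's guidance rather than from this thread, and the status strings and helper names are hypothetical.

```python
import io
import zipfile

# Maven metadata entry that log4j-core jars (and many shaded jars) carry.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)     # upgrade target named in the issue title
FLAG_MIN = (2, 10, 0)  # assumption from Log4j guidance: older releases ignore the flag
FLAG = "-Dlog4j2.formatMsgNoLookups=true"


def bundled_log4j_version(jar):
    """Return log4j-core's version as a tuple, or None if the jar has no metadata."""
    with zipfile.ZipFile(jar) as zf:
        if POM not in zf.namelist():
            return None
        props = zf.read(POM).decode("utf-8", "replace")
    for line in props.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "version":
            # "2.0-beta9" -> (2, 0, 0); qualifiers after "-" are ignored.
            nums = value.strip().split("-")[0].split(".")
            return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))
    return None


def assess(jar, jvm_args=()):
    """Classify one jar given the JVM arguments the service is started with."""
    version = bundled_log4j_version(jar)
    if version is None:
        return "no-log4j-core"
    if version >= FIXED:
        return "upgraded"
    if version < FLAG_MIN:
        return "upgrade-required"  # the flag has no effect on these releases
    return "mitigated-pending-upgrade" if FLAG in jvm_args else "add-flag-and-upgrade"


def make_jar(version):
    """Build a constructed in-memory jar holding only the metadata entry (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for ver, args in [("2.14.1", []), ("2.14.1", [FLAG]), ("2.15.0", []), ("2.8.2", [FLAG])]:
        print(ver, args, "->", assess(make_jar(ver), args))
```

`assess` also accepts a filesystem path, so it can be run over every jar in a deployment directory; jars that were repackaged without Maven metadata report `no-log4j-core` and need a separate check.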