[
https://issues.apache.org/jira/browse/JENA-2211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457088#comment-17457088
]
Andy Seaborne commented on JENA-2211:
-------------------------------------
Thanks [~oyvind.gjesdal]
And Java11 helps because: (from the CVE announcement):
{quote}Java 8u121 (see
https://www.oracle.com/java/technologies/javase/8u121-relnotes.html) protects
against remote code execution by defaulting
"com.sun.jndi.rmi.object.trustURLCodebase" and
"com.sun.jndi.cosnaming.object.trustURLCodebase" to "false".
{quote}
> upgrade log4j2 from 2.14.1 to 2.15.0
> ------------------------------------
>
> Key: JENA-2211
> URL: https://issues.apache.org/jira/browse/JENA-2211
> Project: Apache Jena
> Issue Type: Dependency upgrade
> Reporter: Øyvind Gjesdal
> Priority: Major
>
> There is CVE 2021-4228 for log4j2. Not sure how it affects the the different
> artifacts. https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
