[ https://issues.apache.org/jira/browse/CONNECTORS-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457231#comment-17457231 ]
Markus Schuch commented on CONNECTORS-1683: ------------------------------------------- Temporary Mitigation with the 'formatMsgNoLookups' property is not possible, because it was added in version 2.10.0 ManifoldCF still uses 2.4.1 (https://github.com/apache/manifoldcf/blob/trunk/build.xml#L87) > Upgrade Log4J 2.15.0 (CVE-2021-44228) > ------------------------------------- > > Key: CONNECTORS-1683 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1683 > Project: ManifoldCF > Issue Type: Bug > Components: Framework core > Reporter: Markus Schuch > Priority: Major > Labels: CVE-2021-44228, security, vulnerabilities > > We should upgrade to Log4J 2.15.0, because there is a known RCE Vulnerability > in previous Versions: https://www.lunasec.io/docs/blog/log4j-zero-day/ -- This message was sent by Atlassian Jira (v8.20.1#820001)