[ https://issues.apache.org/jira/browse/CONNECTORS-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Markus Schuch reopened CONNECTORS-1683: --------------------------------------- Due to CVE-2021-45046 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046) an upgrade to 2.16 is strongly recommended. > Upgrade Log4J 2.15.0 (CVE-2021-44228) > ------------------------------------- > > Key: CONNECTORS-1683 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1683 > Project: ManifoldCF > Issue Type: Bug > Components: Framework core > Affects Versions: ManifoldCF 2.20 > Reporter: Markus Schuch > Assignee: Markus Schuch > Priority: Major > Labels: CVE-2021-44228, security, vulnerabilities > Fix For: ManifoldCF 2.21 > > > Dependency Log4j 2 should be upgraded to Log4J 2.15.0, because there is a > known RCE Vulnerability in previous Versions: > https://www.lunasec.io/docs/blog/log4j-zero-day/ -- This message was sent by Atlassian Jira (v8.20.1#820001)