[
https://issues.apache.org/jira/browse/CONNECTORS-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Markus Schuch updated CONNECTORS-1683:
--------------------------------------
Description:
Dependency Log4j 2 should be upgraded to Log4J 2.16.0, because there is a known
RCE Vulnerability in previous Versions:
https://www.lunasec.io/docs/blog/log4j-zero-day/
was:Dependency Log4j 2 should be upgraded to Log4J 2.15.0, because there is a
known RCE Vulnerability in previous Versions:
https://www.lunasec.io/docs/blog/log4j-zero-day/
> Upgrade Log4J 2.16.0 (CVE-2021-44228, CVE-2021-45046)
> -----------------------------------------------------
>
> Key: CONNECTORS-1683
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1683
> Project: ManifoldCF
> Issue Type: Bug
> Components: Framework core
> Affects Versions: ManifoldCF 2.20
> Reporter: Markus Schuch
> Assignee: Markus Schuch
> Priority: Major
> Labels: CVE-2021-44228, CVE-2021-45046, security, vulnerabilities
> Fix For: ManifoldCF 2.21
>
>
> Dependency Log4j 2 should be upgraded to Log4J 2.16.0, because there is a
> known RCE Vulnerability in previous Versions:
> https://www.lunasec.io/docs/blog/log4j-zero-day/
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
