[ https://issues.apache.org/jira/browse/CONNECTORS-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Markus Schuch resolved CONNECTORS-1683. --------------------------------------- Resolution: Fixed > Upgrade Log4J 2.16.0 (CVE-2021-44228, CVE-2021-45046) > ----------------------------------------------------- > > Key: CONNECTORS-1683 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1683 > Project: ManifoldCF > Issue Type: Bug > Components: Framework core > Affects Versions: ManifoldCF 2.20 > Reporter: Markus Schuch > Assignee: Markus Schuch > Priority: Major > Labels: CVE-2021-44228, CVE-2021-45046, security, vulnerabilities > Fix For: ManifoldCF 2.21 > > > Dependency Log4j 2 should be upgraded to Log4J 2.16.0, because there is a > known RCE Vulnerability in previous Versions: > https://www.lunasec.io/docs/blog/log4j-zero-day/ -- This message was sent by Atlassian Jira (v8.20.1#820001)