[
https://issues.apache.org/jira/browse/CONNECTORS-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Markus Schuch resolved CONNECTORS-1683.
---------------------------------------
Resolution: Fixed
> Upgrade Log4J 2.17.0
> --------------------
>
> Key: CONNECTORS-1683
> URL: https://issues.apache.org/jira/browse/CONNECTORS-1683
> Project: ManifoldCF
> Issue Type: Bug
> Components: Framework core
> Affects Versions: ManifoldCF 2.20
> Reporter: Markus Schuch
> Assignee: Markus Schuch
> Priority: Major
> Labels: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105,
> security, vulnerabilities
> Fix For: ManifoldCF 2.21
>
>
> Dependency Log4j 2 should be upgraded to Log4J 2.16.0, because there is a
> known RCE Vulnerability in previous Versions:
> https://www.lunasec.io/docs/blog/log4j-zero-day/
> CVE-2021-44228
> CVE-2021-45046
> CVE-2021-45105
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
