23307 In log4j(1.x)

Jira Sun, 06 Feb 2022 00:02:06 -0800


     [ 
https://issues.apache.org/jira/browse/DIRMINA-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Emmanuel Lécharny closed DIRMINA-1158.
--------------------------------------
    Resolution: Not A Problem

We don't use Log4j in MINA

> CVE-2022-23302/23305/23307  In log4j(1.x) 
> ------------------------------------------
>
>                 Key: DIRMINA-1158
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1158
>             Project: MINA
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.1.4, 2.1.5
>            Reporter: DONG LI
>            Priority: Critical
>
> Hi
> Recently，three vulnerabilities have been discovered 
> ：CVE-2022-23302/23305/23307  In log4j(1.x) 。
> The module “mina-core” depend on log4j 1.2.17 ，
> So do we have any plans to  deal with these vulnerabilities?
> Thanks ：）
> [https://www.cvedetails.com/cve/CVE-2022-23302]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-23305]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-23307]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

[jira] [Closed] (DIRMINA-1158) CVE-2022-23302/23305/23307 In log4j(1.x)

Reply via email to