[ https://issues.apache.org/jira/browse/DIRMINA-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lécharny closed DIRMINA-1158. -------------------------------------- Resolution: Not A Problem We don't use Log4j in MINA > CVE-2022-23302/23305/23307 In log4j(1.x) > ------------------------------------------ > > Key: DIRMINA-1158 > URL: https://issues.apache.org/jira/browse/DIRMINA-1158 > Project: MINA > Issue Type: Improvement > Components: Core > Affects Versions: 2.1.4, 2.1.5 > Reporter: DONG LI > Priority: Critical > > Hi > Recently,three vulnerabilities have been discovered > :CVE-2022-23302/23305/23307 In log4j(1.x) 。 > The module “mina-core” depend on log4j 1.2.17 , > So do we have any plans to deal with these vulnerabilities? > Thanks :) > [https://www.cvedetails.com/cve/CVE-2022-23302] > [https://nvd.nist.gov/vuln/detail/CVE-2022-23305] > [https://nvd.nist.gov/vuln/detail/CVE-2022-23307] -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org