[ https://issues.apache.org/jira/browse/MRM-2023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Stockhammer reassigned MRM-2023: --------------------------------------- Assignee: Martin Stockhammer > Critical Log4j RCE bug (CVE-2021-44228) > --------------------------------------- > > Key: MRM-2023 > URL: https://issues.apache.org/jira/browse/MRM-2023 > Project: Archiva > Issue Type: Dependency upgrade > Components: Audit Logging > Affects Versions: 2.2.5 > Reporter: Robert Velter > Assignee: Martin Stockhammer > Priority: Critical > > The log4j version in archiva 2.2.5 is 2.8.2. This version is affected by > CVE-2021-44228 (RCE). > Upgrading dependency to log4j version 2.15.0 (if easy possible) would solve > this issue. > Best regards, Robert -- This message was sent by Atlassian Jira (v8.20.1#820001)