[jira] [Created] (MRM-2027) Update log4j2 to 2.17.0

Martin Stockhammer (Jira) Sat, 18 Dec 2021 03:35:06 -0800

Martin Stockhammer created MRM-2027:
---------------------------------------


             Summary: Update log4j2 to 2.17.0
                 Key: MRM-2027
                 URL: https://issues.apache.org/jira/browse/MRM-2027
             Project: Archiva
          Issue Type: Improvement
    Affects Versions: 2.2.6
            Reporter: Martin Stockhammer
             Fix For: 2.2.7


There is another vulnerability for log4j2

[CVE-2021-45105|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105]

It is considered as low risk for archiva, should work only when users change 
the log configuration. But we add this update for the next release.

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (MRM-2027) Update log4j2 to 2.17.0

Reply via email to