Martin Stockhammer created MRM-2027: ---------------------------------------
Summary: Update log4j2 to 2.17.0 Key: MRM-2027 URL: https://issues.apache.org/jira/browse/MRM-2027 Project: Archiva Issue Type: Improvement Affects Versions: 2.2.6 Reporter: Martin Stockhammer Fix For: 2.2.7 There is another vulnerability for log4j2 [CVE-2021-45105|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105] It is considered as low risk for archiva, should work only when users change the log configuration. But we add this update for the next release. -- This message was sent by Atlassian Jira (v8.20.1#820001)