[jira] [Resolved] (MRM-2027) Update log4j2 to 2.17.0

Martin Stockhammer (Jira) Sat, 18 Dec 2021 03:35:06 -0800


     [ 
https://issues.apache.org/jira/browse/MRM-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Martin Stockhammer resolved MRM-2027.
-------------------------------------
    Resolution: Fixed

Added to pom.xml

> Update log4j2 to 2.17.0
> -----------------------
>
>                 Key: MRM-2027
>                 URL: https://issues.apache.org/jira/browse/MRM-2027
>             Project: Archiva
>          Issue Type: Improvement
>    Affects Versions: 2.2.6
>            Reporter: Martin Stockhammer
>            Assignee: Martin Stockhammer
>            Priority: Major
>             Fix For: 2.2.7
>
>
> There is another vulnerability for log4j2
> [CVE-2021-45105|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105]
> It is considered as low risk for archiva, should work only when users change 
> the log configuration. But we add this update for the next release.
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (MRM-2027) Update log4j2 to 2.17.0

Reply via email to