[ https://issues.apache.org/jira/browse/KARAF-7398?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré resolved KARAF-7398.
-----------------------------------------
Fix Version/s: (was: 4.3.7)
(was: 4.2.16)
Resolution: Duplicate
> Update pax logging to 2.0.16 / 1.11.15
> --------------------------------------
>
> Key: KARAF-7398
> URL: https://issues.apache.org/jira/browse/KARAF-7398
> Project: Karaf
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Priority: Major
>
> This task is to update pax logging to 2.0.16 for 4.3.x, and 1.11.15 for
> 4.2.x.
> Pax Logging 1.11.14 uses Reload4J 1.2.18.2, but there are CVE issues fixed
> since then:
> * XML entity injection attack - fixed in 1.2.18.3 by hardening
> * [CVE-2020-9488 (SMTPAppender)|https://cve.report/CVE-2020-9488] fixed in
> 1.2.18.3 by hardening