[ https://issues.apache.org/jira/browse/DOXIA-610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sylwester Lachiewicz updated DOXIA-610: --------------------------------------- Fix Version/s: 1.9.2 > Update doxia-module-fo to not use log4j > --------------------------------------- > > Key: DOXIA-610 > URL: https://issues.apache.org/jira/browse/DOXIA-610 > Project: Maven Doxia > Issue Type: Dependency upgrade > Components: Module - FO > Affects Versions: 1.9.1 > Reporter: John Burnham > Assignee: Sylwester Lachiewicz > Priority: Major > Fix For: 1.9.2 > > > This is critical for a release. The version of log4j is 1.2.17 and contains > the following security risk: > [CVE_2020_9488|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488] > This should be updated to use org.apache.logging.log4j:log4j-core:2.13.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)