[
https://issues.apache.org/jira/browse/NIFI-9505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462754#comment-17462754
]
ASF subversion and git services commented on NIFI-9505:
-------------------------------------------------------
Commit abc45ac67f5dbc49eb0c7567a493c90ee350055c in nifi's branch
refs/heads/support/nifi-1.15 from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=abc45ac ]
NIFI-9504 Upgraded Logback from 1.2.8 to 1.2.9
NIFI-9505 Upgraded Log4j 2 from 2.16.0 to 2.17.0
Signed-off-by: Chris Sampson <[email protected]>
This closes #5615
> Upgrade Log4j 2 to 2.17.0
> -------------------------
>
> Key: NIFI-9505
> URL: https://issues.apache.org/jira/browse/NIFI-9505
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Minor
> Fix For: 1.16.0, 1.15.2
>
>
> Log4j 2 version 2.17.0 addresses a potential vulnerability in non-standard
> logging configurations using Thread Context Map lookup capabilities,
> described in [CVE-2021-45105|https://www.cve.org/CVERecord?id=CVE-2021-45105].
> Although NiFi does not use Log4j 2 for runtime logging, upgrading to version
> 2.17.0 avoids potential references to older versions in external components.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
