[jira] [Closed] (LOGCXX-541) Upgrade log4j to 2.15.0 - CVE-2021-44288

Robert Middleton (Jira) Sat, 11 Dec 2021 09:19:05 -0800


     [ 
https://issues.apache.org/jira/browse/LOGCXX-541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Middleton closed LOGCXX-541.
-----------------------------------
    Resolution: Not A Problem

Thorsten is correct - the issue does not affect log4j 1.x.  The use of log4j is 
to confirm interoperability with log4cxx and log4j using Java serialization 
when building the tests.

Since Java serialization has multiple known issues, the plan is to remove it in 
the next major version anyway.

> Upgrade log4j to 2.15.0 - CVE-2021-44288
> ----------------------------------------
>
>                 Key: LOGCXX-541
>                 URL: https://issues.apache.org/jira/browse/LOGCXX-541
>             Project: Log4cxx
>          Issue Type: Bug
>          Components: Tests
>            Reporter: Peter Hurley
>            Priority: Major
>              Labels: security
>
> Log4j has an RCE vulnerability, see 
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (LOGCXX-541) Upgrade log4j to 2.15.0 - CVE-2021-44288

Reply via email to