[
https://issues.apache.org/jira/browse/LOG4J2-3218?focusedWorklogId=695078&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-695078
]
ASF GitHub Bot logged work on LOG4J2-3218:
------------------------------------------
Author: ASF GitHub Bot
Created on: 13/Dec/21 14:17
Start Date: 13/Dec/21 14:17
Worklog Time Spent: 10m
Work Description: rocketraman opened a new pull request #21:
URL: https://github.com/apache/logging-log4j-kotlin/pull/21
@jvz I'll merge this to master shortly, but given the visibility of this
issue, but FYI. We should probably cut a new release sooner rather than later.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 695078)
Remaining Estimate: 0h
Time Spent: 10m
> Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228
> ------------------------------------------------------------------------------
>
> Key: LOG4J2-3218
> URL: https://issues.apache.org/jira/browse/LOG4J2-3218
> Project: Log4j 2
> Issue Type: Dependency upgrade
> Components: Kotlin API
> Affects Versions: Kotlin 1.1.0
> Reporter: Raman Gupta
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Kotlin API currently depends on log4j2 API version 2.13.2 which, assuming
> users are using the corresponding implementation, is vulnerable by default to
> CVE-2021-44228. Update dependency to 2.15.0.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
