[jira] [Created] (LOGCXX-545) Upgrade log4j to 2.17.0 - Both log4j 1 and 2 have CVE vulnerability

Chiaowen (Jira) Tue, 21 Dec 2021 02:33:27 -0800

Chiaowen created LOGCXX-545:
-------------------------------

             Summary: Upgrade log4j to 2.17.0 - Both log4j 1 and 2 have CVE 
vulnerability
                 Key: LOGCXX-545
                 URL: https://issues.apache.org/jira/browse/LOGCXX-545
             Project: Log4cxx
          Issue Type: Improvement
            Reporter: Chiaowen



Both log4j 1 and 2 have CVE vulnerability. It's necessary to upgrade log4j to 
the latest version.
||CVE||Affected log4j versions||
|[CVE-2019-17571|https://nvd.nist.gov/vuln/detail/CVE-2019-17571]|1.2.*|
|[CVE-2021-44228|https://nvd.nist.gov/vuln/detail/CVE-2021-44228]|2.0 ~ 2.14.1|
|[CVE-2021-45046|https://nvd.nist.gov/vuln/detail/CVE-2021-45046] |2.0 ~ 2.15.0|
|[CVE-2021-4104|https://nvd.nist.gov/vuln/detail/CVE-2021-4104]|1.2.*|
|[CVE-2021-45105|https://nvd.nist.gov/vuln/detail/CVE-2021-45105]|2.0 ~ 2.16.0|



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (LOGCXX-545) Upgrade log4j to 2.17.0 - Both log4j 1 and 2 have CVE vulnerability

Reply via email to