[jira] [Commented] (OFBIZ-12474) [SECURITY] Update TIka because of Apache Log4j2 vulnerability

Thu, 06 Jan 2022 05:20:09 -0800 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-12474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469910#comment-17469910
 ] 

ASF subversion and git services commented on OFBIZ-12474:
---------------------------------------------------------

Commit 00896e73bce0ab3cb9541c37a4405b23d32911c0 in ofbiz-framework's branch 
refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=00896e7 ]

Fixed: Announce 17.12.09 EOL (OFBIZ-12479)

Includes:
[SECURITY] CVE-2021-44228: Apache Log4j2 (OFBIZ-12449)
[SECURITY] CVE-2021-45105: Apache Log4j2 (OFBIZ-12470)
[SECURITY] Update TIka because of Apache Log4j2 vulnerability (OFBIZ-12474)
[SECURITY] CVE-2021-44832: Apache Log4j2 (OFBIZ-12475)


> [SECURITY] Update TIka because of Apache Log4j2 vulnerability
> -------------------------------------------------------------
>
>                 Key: OFBIZ-12474
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12474
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: Gradle
>    Affects Versions: 18.12.04, Upcoming Branch
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.05
>
>
> The Apache Tika project is pleased to announce the release of Apache
> Tika 1.28. The release contents have been pushed out to the main
> Apache release site and to the Maven Central sync.
> Apache Tika is a toolkit for detecting and extracting metadata and
> structured text content from various documents using existing parser
> libraries.
> Apache Tika 1.28 contains a migration to log4j2 (2.17.0) from log4j
> as well as several other dependency upgrades. Details can be found in
> the changes file:
> https://www.apache.org/dist/tika/1.28/CHANGES-1.28.txt
> Apache Tika is available on the download page:
> https://tika.apache.org/download.html
> Apache Tika is also available in binary form or for use using Maven 2
> from the Central Repository:
> https://repo1.maven.org/maven2/org/apache/tika/
> When downloading, please remember to verify the downloads using
> signatures found: https://www.apache.org/dist/tika/KEYS
> For more information on Apache Tika, visit the project home page:
> https://tika.apache.org/
> -- Tim Allison, on behalf of the Apache Tika community



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to