[
https://issues.apache.org/jira/browse/PLUTO-787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Neil Griffin updated PLUTO-787:
-------------------------------
Description:
This task involves migrating the following dependencies from Log4j 1.x to Log4j
2.x due to
[CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]:
- log4j:log4j -> org.apache.logging.log4j:log4j-api-2.15.0
- org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.15.0
Also, due to
[CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]
it is necessary to use version 2.15.0 at a minimum.
was:
This task involves migrating the following dependencies from Log4j 1.x to Log4j
2.x due to
[CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]:
- log4j:log4j -> org.apache.logging.log4j:log4j-api-2.15.0
- org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.15.0
Also, due to
[CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]
> Migrate to Log4j 2.15.0 due to CVE-2019-17571 and CVE-2021-44228
> ----------------------------------------------------------------
>
> Key: PLUTO-787
> URL: https://issues.apache.org/jira/browse/PLUTO-787
> Project: Pluto
> Issue Type: Task
> Components: demo portlets
> Reporter: Neil Griffin
> Assignee: Neil Griffin
> Priority: Major
> Fix For: 3.1.1
>
>
> This task involves migrating the following dependencies from Log4j 1.x to
> Log4j 2.x due to
> [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]:
> - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.15.0
> - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.15.0
> Also, due to
> [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]
> it is necessary to use version 2.15.0 at a minimum.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
