[ https://issues.apache.org/jira/browse/PLUTO-787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Neil Griffin closed PLUTO-787. ------------------------------ Resolution: Fixed > Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228 > ---------------------------------------------------------------- > > Key: PLUTO-787 > URL: https://issues.apache.org/jira/browse/PLUTO-787 > Project: Pluto > Issue Type: Task > Components: demo portlets, maven archetypes > Reporter: Neil Griffin > Assignee: Neil Griffin > Priority: Major > Fix For: 3.1.1 > > > This task involves migrating the following dependencies from Log4j 1.x to > Log4j 2.x due to > [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]: > - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0 > - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0 > Also, due to > [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228] > (which only affects Log4j2) it is necessary to use version 2.16.0 at a > minimum. -- This message was sent by Atlassian Jira (v8.20.1#820001)