This is an automated email from the ASF dual-hosted git repository. rpopma pushed a commit to branch release-2.x in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-2.x by this push: new b964eea [DOC] remove duplicate entry for cve-2021-44228 b964eea is described below commit b964eeab0d900acd1de20c179ebd1ead0bde0d4e Author: rpopma <rpo...@apache.org> AuthorDate: Fri Dec 17 10:05:24 2021 +0900 [DOC] remove duplicate entry for cve-2021-44228 --- src/site/markdown/security.md | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 8addf4c..a442b01 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md @@ -235,22 +235,6 @@ This issues was discovered by Peter Stöckli. - [CVE-2020-9488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488) - [LOG4J2-2819](https://issues.apache.org/jira/browse/LOG4J2-2819) -## <a name="log4j-2.12.2"/> Fixed in Log4j 2.12.2 (Java 7) - -<a name="CVE-2021-44228"/><a name="cve-2021-44228"/> -[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228): Apache Log4j2 JNDI -features do not protect against attacker controlled LDAP and other JNDI related endpoints. - -|[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) | | -| --------------- | -------- | -| Severity | Critical | -| Base CVSS Score | 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | -| Versions Affected | All versions from 2.0-beta9 to 2.14.1 | - -See [above](#log4j-2.15.0) for details. - -### References -- [LOG4J2-3220](https://issues.apache.org/jira/browse/LOG4J2-3220) ## <a name="log4j-2.8.2"/> Fixed in Log4j 2.8.2 (Java 7) <a name="CVE-2017-5645"/><a name="cve-2017-5645"/>