Yes, upgrading to 2.17.1 will work on Axis 1.8.0.
We are all volunteers so we have no ETA besides it will go out soon.
On Wed, Jan 26, 2022 at 11:21 AM Malaluan, Jay Joel <
jayjoel.malal...@ethoca.com> wrote:
> Hi,
>
>
>
> Appreciate the feedback!
>
>
>
> At this point. Should we just use the la
Hi,
Appreciate the feedback!
At this point. Should we just use the latest axis2-1.8.0.war and patch the
lower log4j 2.14.1 version to the newer 2.17.0? Has that been done and proven
to work on your end?
When can we expect the 1.8.1 to be available?
Thanks.
From: robertlazarski
Reply-To: "j
The latest log4j2 is 2.17.1. That's the version used in our pom.xml in git.
1.6.x actually ships with log4j 1.x.
The Axis2 release of 1.8.0 shipped log4j2 jars, which unfortunately needs
to be patched manually via the latest jars.
We'll be releasing 1.8.1 soon that will fix that.
On Wed, Jan 26
Hi,
During December 2021. There was a log4j wide vulnerability. For reference,
https://logging.apache.org/log4j/2.x/security.html.
At that time our company did some patching to address our vulnerable components.
We use a very old version of the axis2.war which is v1.6.x. Based from our
internal
