You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@netbeans.apache.org by "Ashley Dingman (Jira)" <ji...@apache.org> on 2022/02/04 22:05:00 UTC

[jira] [Created] (NETBEANS-6441) Upgrade log4j to latest version

Ashley Dingman created NETBEANS-6441:
----------------------------------------

             Summary: Upgrade log4j to latest version
                 Key: NETBEANS-6441
                 URL: https://issues.apache.org/jira/browse/NETBEANS-6441
             Project: NetBeans
          Issue Type: Improvement
    Affects Versions: 12.1
            Reporter: Ashley Dingman


# Which versions of your products utilize Log4j 1.x?
 # Do they utilize the JMSAppender or SocketServer classes?
 # Do you have any mitigation options available for addressing both CVE-2019-17571 and CVE-2021-4104?
 ## Would it impact the product if we deleted both the net/JMSAppender.class and net/SocketServer.class from the Log4j 1.x JAR itself?
 ## If they are not used can they be removed (required to be approved not-vulnerable)?
 # Can you provide a roadmap of when you plan to move Log4j version 2.15 or higher (or remove log4j)?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists