You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2021/12/17 17:52:02 UTC
[struts-site] branch master updated: Adds announcement about Log4j 2.12.2/2.16.0
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new 527bd01 Adds announcement about Log4j 2.12.2/2.16.0
527bd01 is described below
commit 527bd01e312aff6ab8872cc6c5cf9f6bc3b33a9d
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Fri Dec 17 18:51:56 2021 +0100
Adds announcement about Log4j 2.12.2/2.16.0
---
source/index.html | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/source/index.html b/source/index.html
index 7c4ab32..4b236a8 100644
--- a/source/index.html
+++ b/source/index.html
@@ -31,12 +31,12 @@ title: Welcome to the Apache Struts project
<a href="{{ site.wiki_url }}/Version+Notes+{{ site.current_version }}">Version notes</a>
</div>
<div class="column col-md-4">
- <h2>Security Advice on Log4j 2.15.0</h2>
+ <h2>Security Advice on Log4j 2.12.2/2.16.0</h2>
<p>
The Apache Struts Security team would like to announce that all the users using
- the latest Struts 2.5.x series should upgrade Log4j library to the
- latest 2.15.0 version which addresses the Remote-Code-Execution
- vulnerability - CVE-2021-44228. .
+ the latest Struts 2.5.x series should either upgrade to Apache Struts 2.5.28.1 which
+ uses Log4j 2.12.2 version that addresses <a href="https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046">CVE-2021-45046</a>
+ or upgrade Log4j to version 2.12.2 (when running on Java 1.7) or 2.16.0 (when running on Java 8+).
Read more in <a href="announce-2021#a20211212-2">Announcement</a>
</p>
</div>