You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Gregory Knott (Jira)" <ji...@apache.org> on 2020/11/19 05:01:00 UTC

[jira] [Created] (AXIS2-5993) Upgrade logging to log4j v2.x

Gregory Knott created AXIS2-5993:
------------------------------------

             Summary: Upgrade logging to log4j v2.x
                 Key: AXIS2-5993
                 URL: https://issues.apache.org/jira/browse/AXIS2-5993
             Project: Axis2
          Issue Type: Improvement
          Components: client-api
    Affects Versions: 1.7.9
         Environment: Tomcat
            Reporter: Gregory Knott
             Fix For: 1.7.9


[https://nvd.nist.gov/vuln/detail/CVE-2019-17571]

This vulnerability prompts us to upgrade to a v2 version of log4j since all v1 versions are end of support. However all versions of axis2 still use v1 log4j.

If axis2 is not updated, then we will need to move to another web service container.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org