You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Gregory Knott (Jira)" <ji...@apache.org> on 2020/11/19 05:01:00 UTC
[jira] [Created] (AXIS2-5993) Upgrade logging to log4j v2.x
Gregory Knott created AXIS2-5993:
------------------------------------
Summary: Upgrade logging to log4j v2.x
Key: AXIS2-5993
URL: https://issues.apache.org/jira/browse/AXIS2-5993
Project: Axis2
Issue Type: Improvement
Components: client-api
Affects Versions: 1.7.9
Environment: Tomcat
Reporter: Gregory Knott
Fix For: 1.7.9
[https://nvd.nist.gov/vuln/detail/CVE-2019-17571]
This vulnerability prompts us to upgrade to a v2 version of log4j since all v1 versions are end of support. However all versions of axis2 still use v1 log4j.
If axis2 is not updated, then we will need to move to another web service container.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org