You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2021/12/23 07:25:49 UTC
[struts-site] branch master updated: Adds a note about using proper version of log4j-core package
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new dc3ff71 Adds a note about using proper version of log4j-core package
dc3ff71 is described below
commit dc3ff714522184d3613b1bbebc3a14ea7cff2029
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Thu Dec 23 08:25:45 2021 +0100
Adds a note about using proper version of log4j-core package
---
source/announce-2021.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source/announce-2021.md b/source/announce-2021.md
index 993c5e8..afc927b 100644
--- a/source/announce-2021.md
+++ b/source/announce-2021.md
@@ -21,6 +21,9 @@ release. The GA designation is our highest quality grade.
This release addresses Log4j vulnerability [CVE-2021-45105](https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105)
by using the latest Log4j 2.12.3 version (Java 1.7 compatible).
+**Please note, that the Apache Struts itself depends on the log4j-api package only, it's users' responsibility
+to use a proper version of the log4j-core package!**
+
> Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+2.5.28.2) to find more details about performed
> bug fixes and improvements.