You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@struts.apache.org by lu...@apache.org on 2021/12/23 07:25:49 UTC

[struts-site] branch master updated: Adds a note about using proper version of log4j-core package

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git


The following commit(s) were added to refs/heads/master by this push:
     new dc3ff71  Adds a note about using proper version of log4j-core package
dc3ff71 is described below

commit dc3ff714522184d3613b1bbebc3a14ea7cff2029
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Thu Dec 23 08:25:45 2021 +0100

    Adds a note about using proper version of log4j-core package
---
 source/announce-2021.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source/announce-2021.md b/source/announce-2021.md
index 993c5e8..afc927b 100644
--- a/source/announce-2021.md
+++ b/source/announce-2021.md
@@ -21,6 +21,9 @@ release. The GA designation is our highest quality grade.
 This release addresses Log4j vulnerability [CVE-2021-45105](https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105)
 by using the latest Log4j 2.12.3 version (Java 1.7 compatible).
 
+**Please note, that the Apache Struts itself depends on the log4j-api package only, it's users' responsibility 
+to use a proper version of the log4j-core package!**
+
 > Please read the [Version Notes]({{ site.wiki_url }}/Version+Notes+2.5.28.2) to find more details about performed
 > bug fixes and improvements.