You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "Martin Stockhammer (Jira)" <ji...@apache.org> on 2021/12/18 11:35:00 UTC
[jira] [Resolved] (MRM-2027) Update log4j2 to 2.17.0
[ https://issues.apache.org/jira/browse/MRM-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Stockhammer resolved MRM-2027.
-------------------------------------
Resolution: Fixed
Added to pom.xml
> Update log4j2 to 2.17.0
> -----------------------
>
> Key: MRM-2027
> URL: https://issues.apache.org/jira/browse/MRM-2027
> Project: Archiva
> Issue Type: Improvement
> Affects Versions: 2.2.6
> Reporter: Martin Stockhammer
> Assignee: Martin Stockhammer
> Priority: Major
> Fix For: 2.2.7
>
>
> There is another vulnerability for log4j2
> [CVE-2021-45105|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105]
> It is considered as low risk for archiva, should work only when users change the log configuration. But we add this update for the next release.
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)