You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@archiva.apache.org by "Martin Stockhammer (Jira)" <ji...@apache.org> on 2021/12/18 11:35:00 UTC

[jira] [Resolved] (MRM-2027) Update log4j2 to 2.17.0

     [ https://issues.apache.org/jira/browse/MRM-2027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Stockhammer resolved MRM-2027.
-------------------------------------
    Resolution: Fixed

Added to pom.xml

> Update log4j2 to 2.17.0
> -----------------------
>
>                 Key: MRM-2027
>                 URL: https://issues.apache.org/jira/browse/MRM-2027
>             Project: Archiva
>          Issue Type: Improvement
>    Affects Versions: 2.2.6
>            Reporter: Martin Stockhammer
>            Assignee: Martin Stockhammer
>            Priority: Major
>             Fix For: 2.2.7
>
>
> There is another vulnerability for log4j2
> [CVE-2021-45105|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105]
> It is considered as low risk for archiva, should work only when users change the log configuration. But we add this update for the next release.
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)