You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tika.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/01/04 06:37:00 UTC

[jira] [Commented] (TIKA-3638) Log4J vulnerability mitigation by upgrading to latest

    [ https://issues.apache.org/jira/browse/TIKA-3638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17468383#comment-17468383 ] 

ASF GitHub Bot commented on TIKA-3638:
--------------------------------------

Subhajitdas298 opened a new pull request #473:
URL: https://github.com/apache/tika/pull/473


   Log4j upgraded to 1.27.1


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@tika.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Log4J vulnerability mitigation by upgrading to latest
> -----------------------------------------------------
>
>                 Key: TIKA-3638
>                 URL: https://issues.apache.org/jira/browse/TIKA-3638
>             Project: Tika
>          Issue Type: Bug
>    Affects Versions: 1.28
>            Reporter: Subhajit Das
>            Priority: Major
>
> Noticeable Vulnerability for log4j is still persistent in log4j 2.17.0.
> Upgrading to 2.17.1 (and any latest that may come up before release).
>  
> Ref:
> [https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.0]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832]
> https://issues.apache.org/jira/browse/LOG4J2-3293



--
This message was sent by Atlassian Jira
(v8.20.1#820001)