You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/12/13 14:18:00 UTC

[jira] [Work logged] (LOG4J2-3218) Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228

     [ https://issues.apache.org/jira/browse/LOG4J2-3218?focusedWorklogId=695078&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-695078 ]

ASF GitHub Bot logged work on LOG4J2-3218:
------------------------------------------

                Author: ASF GitHub Bot
            Created on: 13/Dec/21 14:17
            Start Date: 13/Dec/21 14:17
    Worklog Time Spent: 10m 
      Work Description: rocketraman opened a new pull request #21:
URL: https://github.com/apache/logging-log4j-kotlin/pull/21


   @jvz I'll merge this to master shortly, but given the visibility of this issue, but FYI. We should probably cut a new release sooner rather than later.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 695078)
    Remaining Estimate: 0h
            Time Spent: 10m

> Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228
> ------------------------------------------------------------------------------
>
>                 Key: LOG4J2-3218
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3218
>             Project: Log4j 2
>          Issue Type: Dependency upgrade
>          Components: Kotlin API
>    Affects Versions: Kotlin 1.1.0
>            Reporter: Raman Gupta
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Kotlin API currently depends on log4j2 API version 2.13.2 which, assuming users are using the corresponding implementation, is vulnerable by default to CVE-2021-44228. Update dependency to 2.15.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)