Re: Apache Log4j CVE-2021-44228 vulnerability

[Apache Security Team <se...@apache.org>]

Hi;

You recently contacted the Apache security team. As explained in
[1], the e-mail address you used should only be used for reporting
undisclosed security vulnerabilities in Apache products and managing the
process of fixing such vulnerabilities. Your e-mail does not meet that
criteria.

You may wish read some information on how the ASF works [2] before
contacting the appropriate project(s) with your enquiry via the
appropriate channel for each project.

The Apache security team is unlikely to respond to further messages
regarding this topic.

The Apache security team

[1] http://www.apache.org/security/
[2] http://apache.org/foundation/how-it-works.html

On Tue, Dec 14, 2021 at 12:54 PM Patil, Dipak (Pune) <
dipak.patil3@fiserv.com> wrote:

> Hello Apache Team,
>
>
>
> Greetings from Fiserv!!!
>
>
>
> This is with reference to Apache Log4j CVE-2021-44228 vulnerability. We
> are using multiple jars as mentioned below on our multiple products.
>
>
>
> For all these Jars we would like to know if these are impacted by Log4j
> CVE-2021-44228 vulnerability and if yes then expected ETA for remediation
> and availability of updated jar.
>
>
>
> Appreciate your response with update on the last 2 columns.
>
>
>
> *JAR name*
>
> *JAR Version*
>
> *Is Vulnerable?*
>
> *ETA for FIX?*
>
> resolver.jar
>
> 2.9.1
>
>
>
>
>
> xercesImpl.jar
>
> 2.12.1
>
>
>
>
>
> axis.jar
>
> 1.4
>
>
>
>
>
> commons-collections
>
> 3.2
>
>
>
>
>
> commons-Collections4.jar
>
> 4.1
>
>
>
>
>
> commons-digester.jar
>
> 1.6
>
>
>
>
>
> commons-io
>
> 2.7
>
>
>
>
>
> Commons-io.jar
>
> 2.8.0
>
>
>
>
>
> commons-lang.jar
>
> 2.5
>
>
>
>
>
> commons-lang3.jar
>
> 3.8.1
>
>
>
>
>
> commons-logging.jar
>
> 1.1.1
>
>
>
>
>
> commons-validator.jar
>
> 1.2.0
>
>
>
>
>
> jackson-annotations.jar
>
> 2.9.4
>
>
>
>
>
> Jakarta oro.jar
>
> 2.0.7
>
>
>
>
>
> jakarta-oro-2.0.8
>
> 2.0.8
>
>
>
>
>
> jdom2
>
> 2.0.6
>
>
>
>
>
> owasp-java-html-sanitizer
>
> 20200713.1
>
>
>
>
>
> Recordio.jar
>
>  -
>
>
>
>
>
> spring-aop.jar
>
> 5.2.7
>
>
>
>
>
> spring-core, spring-context,spring-beans
>
> 5.2.7
>
>
>
>
>
> taglibs-standard-jstlel
>
> 1.2.5
>
>
>
>
>
> xml-apis.jar
>
> 1.4.01
>
>
>
>
>
> xml-apis.jar
>
> 2.5.0
>
>
>
>
>
> xmlParserApis
>
> 2.5.0
>
>
>
>
>
>
>
>
>
> Thanks & Regards,
>
> *Dipak Patil*
> Sr. Manager, Software Development
> Fiserv Global Services | Financial & Risk Management Solutions
>
> Mobile: +91-9766784964
>
>
> *Fiserv*
> *Helping Small Businesses Get** Back2Business
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_RZ22cy4q6bM8_UVZtWHM1elJtdTU4UVBNL0JVcGgyVXZNcEoxMnNWR3lPbERrU2c1eW93dFU2N2VMZnB3bjU2T09SL0IwaDVJbDhKWUVlUitseEhvK0RYdVdIS2c3YUdjZGpSZFEwT3pvd25adm51QVNsemc9S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=GKI0C3ftOzv3wlDYOrUb3GQEG-D4bX0X-0hj_zc4zug&m=tLZp9B4LvaBgHppw7aXKOyoktvj2YGOFxM4mAswOiN0&s=CcleTW48A9onwIZ8iFTzfJoxOF9Hc5wyTP4dM3Jq0fI&e=>*
> Fiserv
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_X677F3dKx8Tx_UVZtWHM1elJtdTU4UVBNL0JVcGgyVXZNcEoxMnNWR3lPbERrU2c1eW93dFU2N2VMZnB3bjU2T09SL0IwaDVJbDhKWUVlUitseEhvK0RYdVdIS2c3YUdjZGpSZFEwT3pvd25adm51QVNsemc9S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=GKI0C3ftOzv3wlDYOrUb3GQEG-D4bX0X-0hj_zc4zug&m=tLZp9B4LvaBgHppw7aXKOyoktvj2YGOFxM4mAswOiN0&s=fZNUC5ih9Ox4L27ZSa9a93JTa49_fJ5rumBU-gw60ZU&e=>
> | Join Our Team
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_j9LLfXwgErFR_UVZtWHM1elJtdTU4UVBNL0JVcGgyVXZNcEoxMnNWR3lPbERrU2c1eW93dFU2N2VMZnB3bjU2T09SL0IwaDVJbDhKWUVlUitseEhvK0RYdVdIS2c3YUdjZGpSZFEwT3pvd25adm51QVNsemc9S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=GKI0C3ftOzv3wlDYOrUb3GQEG-D4bX0X-0hj_zc4zug&m=tLZp9B4LvaBgHppw7aXKOyoktvj2YGOFxM4mAswOiN0&s=E7R01NkwndsmoJ-PZoiUPeKWk8rY9BTfKRPTTxE0Kw8&e=>
> | Twitter
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_bxXXB-2DpG2wfb_UVZtWHM1elJtdTU4UVBNL0JVcGgyVXZNcEoxMnNWR3lPbERrU2c1eW93dFU2N2VMZnB3bjU2T09SL0IwaDVJbDhKWUVlUitseEhvK0RYdVdIS2c3YUdjZGpSZFEwT3pvd25adm51QVNsemc9S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=GKI0C3ftOzv3wlDYOrUb3GQEG-D4bX0X-0hj_zc4zug&m=tLZp9B4LvaBgHppw7aXKOyoktvj2YGOFxM4mAswOiN0&s=3y-WMFmPI8uEaGaOQgso0l-RZ91VuIv0UrIiInznKEw&e=>
> | LinkedIn
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_z9-5F-5FfAx8R-7EBm_UVZtWHM1elJtdTU4UVBNL0JVcGgyVXZNcEoxMnNWR3lPbERrU2c1eW93dFU2N2VMZnB3bjU2T09SL0IwaDVJbDhKWUVlUitseEhvK0RYdVdIS2c3YUdjZGpSZFEwT3pvd25adm51QVNsemc9S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=GKI0C3ftOzv3wlDYOrUb3GQEG-D4bX0X-0hj_zc4zug&m=tLZp9B4LvaBgHppw7aXKOyoktvj2YGOFxM4mAswOiN0&s=Q61USL3F_T_KT15_VUrZEYj4RNrcKQXrJQfIIJT5NgY&e=>
> | Facebook
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_ebwwFvy-7EgkQ7_UVZtWHM1elJtdTU4UVBNL0JVcGgyVXZNcEoxMnNWR3lPbERrU2c1eW93dFU2N2VMZnB3bjU2T09SL0IwaDVJbDhKWUVlUitseEhvK0RYdVdIS2c3YUdjZGpSZFEwT3pvd25adm51QVNsemc9S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=GKI0C3ftOzv3wlDYOrUb3GQEG-D4bX0X-0hj_zc4zug&m=tLZp9B4LvaBgHppw7aXKOyoktvj2YGOFxM4mAswOiN0&s=TN-WHQH38jACIJp2JU6IGSxAUU5M4k5LtJczIaBoN7s&e=>
> FORTUNE *World's Most Admired Companies®*
> 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021
>
> © 2021 Fiserv Inc. or its affiliates. Fiserv is a registered trademark of
> Fiserv Inc. Privacy Notice
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__links.mkt030.com_els_v2_w-5F33sEW2jps3_UVZtWHM1elJtdTU4UVBNL0JVcGgyVXZNcEoxMnNWR3lPbERrU2c1eW93dFU2N2VMZnB3bjU2T09SL0IwaDVJbDhKWUVlUitseEhvK0RYdVdIS2c3YUdjZGpSZFEwT3pvd25adm51QVNsemc9S0_&d=DwMFaQ&c=rE3mhBYFJfJGqQ7WI0-DPw&r=GKI0C3ftOzv3wlDYOrUb3GQEG-D4bX0X-0hj_zc4zug&m=tLZp9B4LvaBgHppw7aXKOyoktvj2YGOFxM4mAswOiN0&s=y4oAJx7X-sCjAmZYwrwHCP22qv8fqneje9sJ_LtLqjg&e=>
> © 2021 Fortune Media IP Limited. Used under license.
>
>
>