You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@logging.apache.org by Gary Gregory <ga...@gmail.com> on 2021/12/24 22:20:37 UTC
Mapping CVEs to Log4j and Java versions.
Hi All:
I find it hard to track what CVE is associated with what Log4j version and
Java version, so I created this table:
https://github.com/apache/logging-log4j2/blob/release-2.x/docs/cve-map.md
In general, I'm not a fan of duplicating information like we do on our
About page and Security page, I worry that I am missing something unless I
read _everything_ and it's harder to maintain too.
Gary
Re: Mapping CVEs to Log4j and Java versions.
Posted by Gary Gregory <ga...@gmail.com>.
On Fri, Dec 24, 2021 at 5:35 PM Ralph Goers <ra...@dslextreme.com>
wrote:
> The stuff on the about page is “news” and will disappear in an upcoming
> release. The security page will stick around indefinitely.
>
Ah, I did not get that. Now I do.
Gary
>
> Ralph
>
> > On Dec 24, 2021, at 3:20 PM, Gary Gregory <ga...@gmail.com>
> wrote:
> >
> > Hi All:
> >
> > I find it hard to track what CVE is associated with what Log4j version
> and
> > Java version, so I created this table:
> >
> https://github.com/apache/logging-log4j2/blob/release-2.x/docs/cve-map.md
> >
> > In general, I'm not a fan of duplicating information like we do on our
> > About page and Security page, I worry that I am missing something unless
> I
> > read _everything_ and it's harder to maintain too.
> >
> > Gary
>
>
Re: Mapping CVEs to Log4j and Java versions.
Posted by Ralph Goers <ra...@dslextreme.com>.
The stuff on the about page is “news” and will disappear in an upcoming release. The security page will stick around indefinitely.
Ralph
> On Dec 24, 2021, at 3:20 PM, Gary Gregory <ga...@gmail.com> wrote:
>
> Hi All:
>
> I find it hard to track what CVE is associated with what Log4j version and
> Java version, so I created this table:
> https://github.com/apache/logging-log4j2/blob/release-2.x/docs/cve-map.md
>
> In general, I'm not a fan of duplicating information like we do on our
> About page and Security page, I worry that I am missing something unless I
> read _everything_ and it's harder to maintain too.
>
> Gary