You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "Matt Sicker (Jira)" <ji...@apache.org> on 2021/12/21 03:50:00 UTC

[jira] [Resolved] (LOG4J2-3218) Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105

     [ https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Sicker resolved LOG4J2-3218.
---------------------------------
    Fix Version/s: Kotlin 1.2.0
       Resolution: Fixed

> Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-3218
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3218
>             Project: Log4j 2
>          Issue Type: Dependency upgrade
>          Components: Kotlin API
>    Affects Versions: Kotlin 1.1.0
>            Reporter: Raman Gupta
>            Assignee: Matt Sicker
>            Priority: Major
>             Fix For: Kotlin 1.2.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Kotlin API currently depends on log4j2 API version 2.13.2 which, assuming users are using the corresponding implementation, is vulnerable by default to CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. Update dependency to 2.17.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)