Posted to commits@logging.apache.org by rp...@apache.org on 2021/12/23 04:03:57 UTC

[logging-log4j-site] branch asf-staging updated: [LOG4J2-2819] update security page for CVE-2020-9488 fix backported to 2.12.3

This is an automated email from the ASF dual-hosted git repository.

rpopma pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git


The following commit(s) were added to refs/heads/asf-staging by this push:
     new a612740  [LOG4J2-2819] update security page for CVE-2020-9488 fix backported to 2.12.3
a612740 is described below

commit a61274054989a6425a1a136387bcbf867e41001a
Author: Remko Popma <re...@yahoo.com>
AuthorDate: Thu Dec 23 13:03:50 2021 +0900

    [LOG4J2-2819] update security page for CVE-2020-9488 fix backported to 2.12.3
---
 log4j-2.16.0/security.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html
index a54b853..55fe94b 100644
--- a/log4j-2.16.0/security.html
+++ b/log4j-2.16.0/security.html
@@ -289,7 +289,7 @@
                 <li><a class="externalLink" href="https://issues.apache.org/jira/browse/LOG4J2-3198">https://issues.apache.org/jira/browse/LOG4J2-3198</a>.</li>
             </ul></section></section><section>
 
-<h3><a name="Fixed_in_Log4j_2.13.2"></a>Fixed in Log4j 2.13.2</h3>
+<h3><a name="Fixed_in_Log4j_2.13.2"></a>Fixed in Log4j 2.13.2 (Java 8) and 2.12.3 (Java 7)</h3>
 <p><a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488">CVE-2020-9488</a>:  Improper validation of certificate with host mismatch in Apache Log4j SMTP appender.</p>
 <p>Severity: Low</p>
 <p>CVSS Base Score: 3.7 (Low) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</p>
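Review bot: The heading on the `+` line now names 2.12.3 (Java 7), but the anchor on the same line is still `<a name="Fixed_in_Log4j_2.13.2">`, so there is no fragment that identifies the 2.12.3 backport. Keeping the existing name preserves inbound links, so rather than renaming it, consider adding a second anchor for 2.12.3 next to it. The context lines for CVE-2020-9488 below the heading are unchanged; if the rest of this section states affected versions or an upgrade recommendation, check that it agrees with the new heading. The diffstat shows only the rendered page `log4j-2.16.0/security.html` changed; if that page is generated from a source file, the same edit needs to be made there so a later site build does not drop it.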