You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@openwebbeans.apache.org by "Mark Struberg (Jira)" <ji...@apache.org> on 2021/12/14 21:02:00 UTC

[jira] [Updated] (OWB-1396) upgrade to log4j2 2.16.0

     [ https://issues.apache.org/jira/browse/OWB-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark Struberg updated OWB-1396:
-------------------------------
    Summary: upgrade to log4j2 2.16.0  (was: upgrade to log4j2 2.15.0)

> upgrade to log4j2 2.16.0
> ------------------------
>
>                 Key: OWB-1396
>                 URL: https://issues.apache.org/jira/browse/OWB-1396
>             Project: OpenWebBeans
>          Issue Type: Task
>          Components: Core
>    Affects Versions: 2.0.24
>            Reporter: Mark Struberg
>            Assignee: Mark Struberg
>            Priority: Minor
>             Fix For: 2.0.25
>
>
> We gonna bump our log4j 2 version to the CVE free 2.15.0.
> Note that we did not ship this but only used it as a provided compile time dependency for compiling our optional log4j2 support against it! So this is not strictly a CVE related issue but just to make sure we don't get too many reports that we are using an evil version.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)