Posted to commits@daffodil.apache.org by "Dave Thompson (Jira)" <ji...@apache.org> on 2021/12/20 17:53:00 UTC

[jira] [Closed] (DAFFODIL-2610) Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105

     [ https://issues.apache.org/jira/browse/DAFFODIL-2610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dave Thompson closed DAFFODIL-2610.
-----------------------------------

Verified the specified commits (commit 4f56f1a75dc4d27abac9d20da95e5423c3633086 and a17cab5e19159c8aca100913688a28811afee2bf) are included in the latest pull from the daffodil repository.

Verified the log4j dependency in the project/Dependencies.scala file has been updated to log4j-api and log4j-core version 2.17.0, which covers vulnerabilities CVE-2021-44228, CVE-2021-45105 and CVE-2021-45046.

> Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105 
> -----------------------------------------------------------------
>
>                 Key: DAFFODIL-2610
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2610
>             Project: Daffodil
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 3.2.0
>            Reporter: Mike Beckerle
>            Assignee: Mike Beckerle
>            Priority: Critical
>             Fix For: 3.2.1
>
>
> Update to 2.16.0


