You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@daffodil.apache.org by "Dave Thompson (Jira)" <ji...@apache.org> on 2021/12/20 17:53:00 UTC
[jira] [Closed] (DAFFODIL-2610) Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105
[ https://issues.apache.org/jira/browse/DAFFODIL-2610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Thompson closed DAFFODIL-2610.
-----------------------------------
Verified the specified commits (commit 4f56f1a75dc4d27abac9d20da95e5423c3633086 and a17cab5e19159c8aca100913688a28811afee2bf) are included in the latest pull from the daffodil repository.
Verified the log4j dependency in the project/Dependencies.scala file has been updated to log4j-api and log4j-core version 2.17.0 which covers vulnerabilities CVE-2021-044228, CVE-2021-45105 and CVE-2021-45046.
> Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105
> -----------------------------------------------------------------
>
> Key: DAFFODIL-2610
> URL: https://issues.apache.org/jira/browse/DAFFODIL-2610
> Project: Daffodil
> Issue Type: Bug
> Components: General
> Affects Versions: 3.2.0
> Reporter: Mike Beckerle
> Assignee: Mike Beckerle
> Priority: Critical
> Fix For: 3.2.1
>
>
> Update to 2.16.0
--
This message was sent by Atlassian Jira
(v8.20.1#820001)