Posted to notifications@logging.apache.org by "Volkan Yazici (Jira)" <ji...@apache.org> on 2021/12/14 10:48:00 UTC

[jira] [Commented] (LOG4J2-3224) Log4j 2.13.0

    [ https://issues.apache.org/jira/browse/LOG4J2-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459077#comment-17459077 ] 

Volkan Yazici commented on LOG4J2-3224:
---------------------------------------

The necessary migration effort depends a lot on the Log4j components you use and their backward incompatible changes involved, if there are any. We do our best to avoid introducing any backward incompatible changes in minor version upgrades, hence it might be that you don't need to do anything except upgrading the dependency version.

Yes, you are advised to upgrade to 2.16.0 – which has more hardened security measures compared to 2.15.0.

> Log4j 2.13.0
> ------------
>
>                 Key: LOG4J2-3224
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3224
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 2.13.0
>            Reporter: Edmondo Sena
>            Priority: Critical
>             Fix For: 2.15.0
>
>
> Given the vulnerabilities of Log4j 2.13.0, does the switch to log4j 2.15.0 have severe design impacts or is it painless? Is version 2.15.0 okay or is version 2.16.0 required?
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.1#820001)