You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ant.apache.org by bu...@apache.org on 2021/12/13 10:52:42 UTC
[Bug 65747] New: Impact of CVE-2021-44228 on Apache Ant
https://bz.apache.org/bugzilla/show_bug.cgi?id=65747
Bug ID: 65747
Summary: Impact of CVE-2021-44228 on Apache Ant
Product: Ant
Version: 1.10.12
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P2
Component: Core
Assignee: notifications@ant.apache.org
Reporter: shashikanth@in.ibm.com
Target Milestone: ---
Hi there,
Can you please tell us if if any of Apache Ant versions are affected by
CVE-2021-44228?
Thanks
Shashi
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 65747] Impact of CVE-2021-44228 on Apache Ant
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65747
--- Comment #2 from Shashikanth <sh...@in.ibm.com> ---
Hi Stefan, Thank you for the quick response.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 65747] Impact of CVE-2021-44228 on Apache Ant
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65747
Stefan Bodewig <bo...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Stefan Bodewig <bo...@apache.org> ---
Ant does not use log4j2.x at all and never has.
In theory somebody could set up the completely depreacted log4j 1.x listener to
use log4j2 and the bridge, but this is way outside of what Ant does out of the
box.
BTW, Bugzilla is not the best place to ask questions about Ant.
--
You are receiving this mail because:
You are the assignee for the bug.