You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ant.apache.org by bu...@apache.org on 2021/12/13 10:52:42 UTC

[Bug 65747] New: Impact of CVE-2021-44228 on Apache Ant

https://bz.apache.org/bugzilla/show_bug.cgi?id=65747

            Bug ID: 65747
           Summary: Impact of CVE-2021-44228 on Apache Ant
           Product: Ant
           Version: 1.10.12
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Core
          Assignee: notifications@ant.apache.org
          Reporter: shashikanth@in.ibm.com
  Target Milestone: ---

Hi there,

Can you please tell us if if any of Apache Ant versions are affected by
CVE-2021-44228?

Thanks
Shashi

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65747] Impact of CVE-2021-44228 on Apache Ant

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65747

--- Comment #2 from Shashikanth <sh...@in.ibm.com> ---
Hi Stefan, Thank you for the quick response.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 65747] Impact of CVE-2021-44228 on Apache Ant

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=65747

Stefan Bodewig <bo...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Stefan Bodewig <bo...@apache.org> ---
Ant does not use log4j2.x at all and never has.

In theory somebody could set up the completely depreacted log4j 1.x listener to
use log4j2 and the bridge, but this is way outside of what Ant does out of the
box.

BTW, Bugzilla is not the best place to ask questions about Ant.

-- 
You are receiving this mail because:
You are the assignee for the bug.