[jira] [Closed] (DAFFODIL-2610) Update log4J dependency to fix CVE-2021-44228

Dave Thompson (Jira) Mon, 20 Dec 2021 06:39:07 -0800


     [ 
https://issues.apache.org/jira/browse/DAFFODIL-2610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dave Thompson closed DAFFODIL-2610.
-----------------------------------

Verified the specified commit (commit 4f56f1a75dc4d27abac9d20da95e5423c3633086) 
is included in the latest pull from the daffodil repository.

Verified the log4j dependency in the project/Dependencies.scala file has been 
updated to log4j-api and log4j-core version 2.16.0 which includes the patch for 
CVE-2021-044228.

> Update log4J dependency to fix CVE-2021-44228
> ---------------------------------------------
>
>                 Key: DAFFODIL-2610
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2610
>             Project: Daffodil
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 3.2.0
>            Reporter: Mike Beckerle
>            Assignee: Steve Lawrence
>            Priority: Critical
>             Fix For: 3.2.1
>
>
> Update to 2.16.0



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (DAFFODIL-2610) Update log4J dependency to fix CVE-2021-44228

Reply via email to