[jira] [Closed] (DAFFODIL-2610) Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105

Dave Thompson (Jira) Mon, 20 Dec 2021 09:53:07 -0800


     [ 
https://issues.apache.org/jira/browse/DAFFODIL-2610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dave Thompson closed DAFFODIL-2610.
-----------------------------------

Verified the specified commits (commit 4f56f1a75dc4d27abac9d20da95e5423c3633086 
and a17cab5e19159c8aca100913688a28811afee2bf) are included in the latest pull 
from the daffodil repository.

Verified the log4j dependency in the project/Dependencies.scala file has been 
updated to log4j-api and log4j-core version 2.17.0 which covers vulnerabilities 
CVE-2021-044228, CVE-2021-45105 and CVE-2021-45046.

> Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105 
> -----------------------------------------------------------------
>
>                 Key: DAFFODIL-2610
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-2610
>             Project: Daffodil
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 3.2.0
>            Reporter: Mike Beckerle
>            Assignee: Mike Beckerle
>            Priority: Critical
>             Fix For: 3.2.1
>
>
> Update to 2.16.0



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (DAFFODIL-2610) Update log4J dependency to fix CVE-2021-44228 and CVE-2021-45105

Reply via email to