This is an automated email from the ASF dual-hosted git repository.
rpopma pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/logging-log4j-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new a612740 [LOG4J2-2819] update security page for CVE-2020-9488 fix
backported to 2.12.3
a612740 is described below
commit a61274054989a6425a1a136387bcbf867e41001a
Author: Remko Popma <[email protected]>
AuthorDate: Thu Dec 23 13:03:50 2021 +0900
[LOG4J2-2819] update security page for CVE-2020-9488 fix backported to
2.12.3
---
log4j-2.16.0/security.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/log4j-2.16.0/security.html b/log4j-2.16.0/security.html
index a54b853..55fe94b 100644
--- a/log4j-2.16.0/security.html
+++ b/log4j-2.16.0/security.html
@@ -289,7 +289,7 @@
<li><a class="externalLink"
href="https://issues.apache.org/jira/browse/LOG4J2-3198">https://issues.apache.org/jira/browse/LOG4J2-3198</a>.</li>
</ul></section></section><section>
-<h3><a name="Fixed_in_Log4j_2.13.2"></a>Fixed in Log4j 2.13.2</h3>
+<h3><a name="Fixed_in_Log4j_2.13.2"></a>Fixed in Log4j 2.13.2 (Java 8) and
2.12.3 (Java 7)</h3>
<p><a class="externalLink"
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488">CVE-2020-9488</a>:
Improper validation of certificate with host mismatch in Apache Log4j SMTP
appender.</p>
<p>Severity: Low</p>
<p>CVSS Base Score: 3.7 (Low) CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</p>
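Review bot: On the changed `<h3>` line the anchor is still `name="Fixed_in_Log4j_2.13.2"` although the heading now also covers 2.12.3 (Java 7). Keeping the old name preserves existing deep links, but a reader looking for the 2.12.3 backport has no anchor to land on, so consider adding a second anchor for 2.12.3 next to the existing one rather than renaming it. The context lines under the heading (CVE description, severity, CVSS vector) are unchanged, so the backport is stated only in the heading. If the section names the fixed release anywhere further down, that text should mention 2.12.3 as well. The diffstat touches only log4j-2.16.0/security.html, so any other copy of this security page would still show the old heading.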