[jira] [Comment Edited] (KNOX-2697) Upgrade Log4j2 to 2.16

Attila Magyar (Jira) Thu, 13 Jan 2022 03:00:04 -0800


    [ 
https://issues.apache.org/jira/browse/KNOX-2697?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475263#comment-17475263
 ]


Attila Magyar edited comment on KNOX-2697 at 1/13/22, 10:59 AM:
----------------------------------------------------------------

Knox 1.6.x only depends on Log4j2 API, which is not vulnerable.


was (Author: amagyar):
Knox 1.6.x only depends on Log4j2 API, which not vulnerable.

> Upgrade Log4j2 to 2.16
> ----------------------
>
>                 Key: KNOX-2697
>                 URL: https://issues.apache.org/jira/browse/KNOX-2697
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.6.1
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> See details here: 
> [https://lists.apache.org/thread/d6v4r6nosxysyq9rvnr779336yf0woz4]
> Reason for the release: [https://nvd.nist.gov/vuln/detail/CVE-2021-44228]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Comment Edited] (KNOX-2697) Upgrade Log4j2 to 2.16

Reply via email to