[ https://issues.apache.org/jira/browse/CONNECTORS-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462178#comment-17462178 ]
Markus Schuch edited comment on CONNECTORS-1683 at 12/19/21, 1:24 PM: ---------------------------------------------------------------------- Log4J 2.17 was released which fixes CVE-2021-45105 r1896158 was (Author: schuchm): Log4J 2.17 was released which fixes CVE-2021-45105 > Upgrade Log4J 2.17.0 > -------------------- > > Key: CONNECTORS-1683 > URL: https://issues.apache.org/jira/browse/CONNECTORS-1683 > Project: ManifoldCF > Issue Type: Bug > Components: Framework core > Affects Versions: ManifoldCF 2.20 > Reporter: Markus Schuch > Assignee: Markus Schuch > Priority: Major > Labels: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, > security, vulnerabilities > Fix For: ManifoldCF 2.21 > > > Dependency Log4j 2 should be upgraded to Log4J 2.16.0, because there is a > known RCE Vulnerability in previous Versions: > https://www.lunasec.io/docs/blog/log4j-zero-day/ > CVE-2021-44228 > CVE-2021-45046 > CVE-2021-45105 -- This message was sent by Atlassian Jira (v8.20.1#820001)