[jira] [Comment Edited] (CONNECTORS-1683) Upgrade Log4J 2.17.0

Sun, 19 Dec 2021 05:25:04 -0800 


    [ 
https://issues.apache.org/jira/browse/CONNECTORS-1683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462178#comment-17462178
 ] 

Markus Schuch edited comment on CONNECTORS-1683 at 12/19/21, 1:24 PM:
----------------------------------------------------------------------

Log4J 2.17 was released which fixes CVE-2021-45105

r1896158


was (Author: schuchm):
Log4J 2.17 was released which fixes CVE-2021-45105

> Upgrade Log4J 2.17.0
> --------------------
>
>                 Key: CONNECTORS-1683
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1683
>             Project: ManifoldCF
>          Issue Type: Bug
>          Components: Framework core
>    Affects Versions: ManifoldCF 2.20
>            Reporter: Markus Schuch
>            Assignee: Markus Schuch
>            Priority: Major
>              Labels: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, 
> security, vulnerabilities
>             Fix For: ManifoldCF 2.21
>
>
> Dependency Log4j 2 should be upgraded to Log4J 2.16.0, because there is a 
> known RCE Vulnerability in previous Versions: 
> https://www.lunasec.io/docs/blog/log4j-zero-day/
> CVE-2021-44228 
> CVE-2021-45046
> CVE-2021-45105



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to