Putra Nugraha created SSHD-1248:
-----------------------------------
Summary: Log4J2 Security Vulneralibility ( CVE-2021-44832 )
Key: SSHD-1248
URL: https://issues.apache.org/jira/browse/SSHD-1248
Project: MINA SSHD
Issue Type: Question
Affects Versions: 2.8.0
Reporter: Putra Nugraha
Upon checking a possible security vulnerabilities, I noticed MINA SSHD is using
Log4J2 version 2.14.1 and Log4J2 made some fixes in the later version ( 2.17.1
for Java 8 ) which one if it is related to security vulnerabilities to RCE.
May I know if there is any plan on MINA SSHD to adapt the above fix? Or can we
please have this fixed if not planned?
Further details on the above Log4J security vulnerabilities can be found here
https://logging.apache.org/log4j/2.x/security.html
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
