[
https://issues.apache.org/jira/browse/SSHD-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17498736#comment-17498736
]
Putra Nugraha commented on SSHD-1248:
-------------------------------------
Hi [~twolf] [~lgoldstein] ,
When running mvn help:effective-pom command, I can see the some dependencies to
log4j in this [^effective-pom.xml]
Here is some example and there are more
!image-2022-02-28-15-06-13-418.png|width=461,height=363!
> Log4J2 Security Vulneralibility ( CVE-2021-44832 )
> --------------------------------------------------
>
> Key: SSHD-1248
> URL: https://issues.apache.org/jira/browse/SSHD-1248
> Project: MINA SSHD
> Issue Type: Question
> Affects Versions: 2.8.0
> Reporter: Putra Nugraha
> Priority: Major
> Attachments: effective-pom.xml, image-2022-02-28-15-06-13-418.png
>
>
> Upon checking a possible security vulnerabilities, I noticed MINA SSHD is
> using Log4J2 version 2.14.1 and Log4J2 made some fixes in the later version (
> 2.17.1 for Java 8 ) which one if it is related to security vulnerabilities to
> RCE.
>
> May I know if there is any plan on MINA SSHD to adapt the above fix? Or can
> we please have this fixed if not planned?
>
> Further details on the above Log4J security vulnerabilities can be found here
> https://logging.apache.org/log4j/2.x/security.html
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
