[jira] [Created] (NUTCH-2915) Upgrade to log4j 2.15.0

Sebastian Nagel (Jira) Sun, 12 Dec 2021 11:57:05 -0800

Sebastian Nagel created NUTCH-2915:
--------------------------------------

             Summary: Upgrade to log4j 2.15.0
                 Key: NUTCH-2915
                 URL: https://issues.apache.org/jira/browse/NUTCH-2915
             Project: Nutch
          Issue Type: Bug
          Components: logging
    Affects Versions: 1.19
            Reporter: Sebastian Nagel
             Fix For: 1.19



See [Apache Log4j Security 
Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html).

Notes:
- the released 1.18 is not directly affected because it uses log4j 1.x which is 
not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was done 
recently by NUTCH-2885.
- the plugin indexer-elastic includes a transitive dependency to 
log4j-api-2.11.1 which is not affected - only log4j-core is according to 
[comments by slf4j|http://www.slf4j.org/log4shell.html].



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (NUTCH-2915) Upgrade to log4j 2.15.0

Reply via email to