[jira] [Commented] (NUTCH-2915) Upgrade to log4j 2.15.0

Mon, 13 Dec 2021 10:33:06 -0800 


    [ 
https://issues.apache.org/jira/browse/NUTCH-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458613#comment-17458613
 ] 

ASF GitHub Bot commented on NUTCH-2915:
---------------------------------------

lewismc commented on pull request #713:
URL: https://github.com/apache/nutch/pull/713#issuecomment-992755351


   +1 shall we push a release?
   
   On Sun, Dec 12, 2021 at 13:32 Sebastian Nagel ***@***.***>
   wrote:
   
   > ------------------------------
   > You can view, comment on, or merge this pull request online at:
   >
   >   https://github.com/apache/nutch/pull/713
   > Commit Summary
   >
   >    - 0c9971d
   >    
<https://github.com/apache/nutch/pull/713/commits/0c9971d7baead185637730bca0dea8f3a29afc65>
   >    NUTCH-2915 Upgrade to log4j 2.15.0
   >
   > File Changes
   >
   > (1 file <https://github.com/apache/nutch/pull/713/files>)
   >
   >    - *M* ivy/ivy.xml
   >    
<https://github.com/apache/nutch/pull/713/files#diff-d571fae60d753ab001a6b973e986ec559a7e178604b56ffb4904a66854392121>
   >    (8)
   >
   > Patch Links:
   >
   >    - https://github.com/apache/nutch/pull/713.patch
   >    - https://github.com/apache/nutch/pull/713.diff
   >
   > —
   > You are receiving this because you are subscribed to this thread.
   > Reply to this email directly, view it on GitHub
   > <https://github.com/apache/nutch/pull/713>, or unsubscribe
   > 
<https://github.com/notifications/unsubscribe-auth/AAI4TF5PMYOAE3HR2XH6A2LUQUIFLANCNFSM5J4WRBZA>
   > .
   > Triage notifications on the go with GitHub Mobile for iOS
   > 
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
   > or Android
   > 
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
   >
   >
   -- 
   http://home.apache.org/~lewismc/
   http://people.apache.org/keys/committer/lewismc
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@nutch.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Upgrade to log4j 2.15.0
> -----------------------
>
>                 Key: NUTCH-2915
>                 URL: https://issues.apache.org/jira/browse/NUTCH-2915
>             Project: Nutch
>          Issue Type: Bug
>          Components: logging
>    Affects Versions: 1.19
>            Reporter: Sebastian Nagel
>            Assignee: Sebastian Nagel
>            Priority: Critical
>             Fix For: 1.19
>
>
> See [Apache Log4j Security 
> Vulnerabilities|https://logging.apache.org/log4j/2.x/security.html].
> Notes:
> - the released 1.18 is not directly affected because it uses log4j 1.x which 
> is not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was 
> done recently by NUTCH-2885.
> - the plugin indexer-elastic includes a transitive dependency to 
> log4j-api-2.11.1 which is not affected - only log4j-core is according to 
> [comments by slf4j|http://www.slf4j.org/log4shell.html].



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to