[
https://issues.apache.org/jira/browse/NUTCH-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458796#comment-17458796
]
ASF GitHub Bot commented on NUTCH-2915:
---------------------------------------
sebastian-nagel merged pull request #713:
URL: https://github.com/apache/nutch/pull/713
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@nutch.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Upgrade to log4j 2.15.0
> -----------------------
>
> Key: NUTCH-2915
> URL: https://issues.apache.org/jira/browse/NUTCH-2915
> Project: Nutch
> Issue Type: Bug
> Components: logging
> Affects Versions: 1.19
> Reporter: Sebastian Nagel
> Assignee: Sebastian Nagel
> Priority: Critical
> Fix For: 1.19
>
>
> See [Apache Log4j Security
> Vulnerabilities|https://logging.apache.org/log4j/2.x/security.html].
> Notes:
> - the released 1.18 is not directly affected because it uses log4j 1.x which
> is not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was
> done recently by NUTCH-2885.
> - the plugin indexer-elastic includes a transitive dependency to
> log4j-api-2.11.1 which is not affected - only log4j-core is according to
> [comments by slf4j|http://www.slf4j.org/log4shell.html].
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
