[
https://issues.apache.org/jira/browse/NUTCH-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458827#comment-17458827
]
Hudson commented on NUTCH-2915:
-------------------------------
SUCCESS: Integrated in Jenkins build Nutch ยป Nutch-trunk #56 (See
[https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/56/])
NUTCH-2915 Upgrade to log4j 2.15.0 (snagel:
[https://github.com/apache/nutch/commit/0c9971d7baead185637730bca0dea8f3a29afc65])
* (edit) ivy/ivy.xml
> Upgrade to log4j 2.15.0
> -----------------------
>
> Key: NUTCH-2915
> URL: https://issues.apache.org/jira/browse/NUTCH-2915
> Project: Nutch
> Issue Type: Bug
> Components: logging
> Affects Versions: 1.19
> Reporter: Sebastian Nagel
> Assignee: Sebastian Nagel
> Priority: Critical
> Fix For: 1.19
>
>
> See [Apache Log4j Security
> Vulnerabilities|https://logging.apache.org/log4j/2.x/security.html].
> Notes:
> - the released 1.18 is not directly affected because it uses log4j 1.x which
> is not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was
> done recently by NUTCH-2885.
> - the plugin indexer-elastic includes a transitive dependency to
> log4j-api-2.11.1 which is not affected - only log4j-core is according to
> [comments by slf4j|http://www.slf4j.org/log4shell.html].
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
