[jira] [Resolved] (NUTCH-2915) Upgrade to log4j 2.15.0

Sebastian Nagel (Jira) Tue, 14 Dec 2021 08:31:47 -0800


     [ 
https://issues.apache.org/jira/browse/NUTCH-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sebastian Nagel resolved NUTCH-2915.
------------------------------------
    Resolution: Fixed

> Upgrade to log4j 2.15.0
> -----------------------
>
>                 Key: NUTCH-2915
>                 URL: https://issues.apache.org/jira/browse/NUTCH-2915
>             Project: Nutch
>          Issue Type: Bug
>          Components: logging
>    Affects Versions: 1.19
>            Reporter: Sebastian Nagel
>            Assignee: Sebastian Nagel
>            Priority: Critical
>             Fix For: 1.19
>
>
> See [Apache Log4j Security 
> Vulnerabilities|https://logging.apache.org/log4j/2.x/security.html].
> Notes:
> - the released 1.18 is not directly affected because it uses log4j 1.x which 
> is not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was 
> done recently by NUTCH-2885.
> - the plugin indexer-elastic includes a transitive dependency to 
> log4j-api-2.11.1 which is not affected - only log4j-core is according to 
> [comments by slf4j|http://www.slf4j.org/log4shell.html].



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (NUTCH-2915) Upgrade to log4j 2.15.0

Reply via email to