[ https://issues.apache.org/jira/browse/MEECROWAVE-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark Struberg resolved MEECROWAVE-304. -------------------------------------- Assignee: Mark Struberg Resolution: Fixed > upgrade to log4j2 2.15.0 > ------------------------ > > Key: MEECROWAVE-304 > URL: https://issues.apache.org/jira/browse/MEECROWAVE-304 > Project: Meecrowave > Issue Type: Bug > Affects Versions: 1.2.12 > Reporter: Mark Struberg > Assignee: Mark Struberg > Priority: Major > Fix For: 1.2.13 > > > Log4j2-2.14.1 contains a CVE related but which allows code injection via JNDI > in the log string. > This is prevented with more recent Java JDK versions but is now also fixed in > log4j2 directly. > Please use this MW version or update your installations by replacing the > log4j2.jars with 2.15.0 manually. -- This message was sent by Atlassian Jira (v8.20.1#820001)