[ https://issues.apache.org/jira/browse/OWB-1396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459483#comment-17459483 ]
Mark Struberg commented on OWB-1396: ------------------------------------ Even upgrde to 2.16.0 > upgrade to log4j2 2.16.0 > ------------------------ > > Key: OWB-1396 > URL: https://issues.apache.org/jira/browse/OWB-1396 > Project: OpenWebBeans > Issue Type: Task > Components: Core > Affects Versions: 2.0.24 > Reporter: Mark Struberg > Assignee: Mark Struberg > Priority: Minor > Fix For: 2.0.25 > > > We gonna bump our log4j 2 version to the CVE free 2.15.0. > Note that we did not ship this but only used it as a provided compile time > dependency for compiling our optional log4j2 support against it! So this is > not strictly a CVE related issue but just to make sure we don't get too many > reports that we are using an evil version. -- This message was sent by Atlassian Jira (v8.20.1#820001)