[
https://issues.apache.org/jira/browse/XMLBEANS-580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
PJ Fanning updated XMLBEANS-580:
--------------------------------
Summary: upgrade to log4j 2.17.1 (was: upgrade to log4j 2.17.0)
> upgrade to log4j 2.17.1
> -----------------------
>
> Key: XMLBEANS-580
> URL: https://issues.apache.org/jira/browse/XMLBEANS-580
> Project: XMLBeans
> Issue Type: Improvement
> Components: DOM
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Fix For: Version 5.0.3
>
>
> Users are encouraged to update their own log4j dependencies to the latest v2
> available - currently 2.17.0 - the next xmlbeans release will use the latest
> available - xmlbeans only depends on log4j-api jar and the
> [Log4Shell|https://www.infoq.com/news/2021/12/log4j-zero-day-vulnerability/]
> issue is in log4j-core jar.
> https://logging.apache.org/log4j/2.x/security.html
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
