Am 16.12.21 um 17:29 schrieb Antonio Petrelli: > Il giorno gio 16 dic 2021 alle ore 16:46 Lukasz Lenart < > lukaszlen...@apache.org> ha scritto: > >> The Apache Struts 2.5.28.1 test build is now available. It includes >> the latest security patch which fixes security vulnerability: >> >> - Log4j has been upgrade to version 2.12.2 to address security >> vulnerability CVE-2021-45046 >> > Hello > Is there a reason why it has not been upgraded to 2.16.0? > > Antonio > Hi Antonio,
because Struts 2.5 depends on Java 1.7 and Log4J Version 2.16.0 depends on Java 1.8. Marc --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org