czw., 16 gru 2021 o 17:29 Antonio Petrelli <antonio.petre...@gmail.com> napisał(a): > Is there a reason why it has not been upgraded to 2.16.0?
As Marc already pointed out, Log4j 2.16.0 requires JDK 8 while Struts 2.5.x is still using JDK7, besides that Log4j 2.12.2 gives exactly the same level of security as Log4j 2.16.0, see this https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
