[jira] [Commented] (TIKA-3616) Upgrade log4j2

Hudson (Jira) Fri, 10 Dec 2021 09:35:05 -0800


    [ 
https://issues.apache.org/jira/browse/TIKA-3616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457290#comment-17457290
 ]


Hudson commented on TIKA-3616:
------------------------------

FAILURE: Integrated in Jenkins build Tika » tika-main-jdk8 #378 (See 
[https://ci-builds.apache.org/job/Tika/job/tika-main-jdk8/378/])
TIKA-3616 -- upgrade log4j2 to avoid rce vulnerability (tallison: 
[https://github.com/apache/tika/commit/9787d5e2316d0a639241bbdb8654ef4c3cc32e3a])
* (edit) tika-parent/pom.xml


> Upgrade log4j2
> --------------
>
>                 Key: TIKA-3616
>                 URL: https://issues.apache.org/jira/browse/TIKA-3616
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Priority: Major
>             Fix For: 2.1.1
>
>
> RCE...might be difficult to trigger in Tika, but why ask for a PoC...
> This only affects 2.x.  We were still using the old log4j in 1.x



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (TIKA-3616) Upgrade log4j2

Reply via email to