[jira] [Commented] (TIKA-3616) Upgrade log4j2

Dan Switzer (Jira) Wed, 15 Dec 2021 09:53:06 -0800


    [ 
https://issues.apache.org/jira/browse/TIKA-3616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460140#comment-17460140
 ]


Dan Switzer commented on TIKA-3616:
-----------------------------------

Is Tika being upgraded to Log4j v2.16, since 2.15 still has a potential DoS 
issue?

Is there still a release planned in the next day or so?

> Upgrade log4j2
> --------------
>
>                 Key: TIKA-3616
>                 URL: https://issues.apache.org/jira/browse/TIKA-3616
>             Project: Tika
>          Issue Type: Task
>            Reporter: Tim Allison
>            Priority: Major
>             Fix For: 2.1.1
>
>
> RCE...might be difficult to trigger in Tika, but why ask for a PoC...
> This only affects 2.x.  We were still using the old log4j in 1.x



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (TIKA-3616) Upgrade log4j2

Reply via email to