[
https://issues.apache.org/jira/browse/TIKA-3638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469310#comment-17469310
]
Hudson commented on TIKA-3638:
------------------------------
UNSTABLE: Integrated in Jenkins build Tika » tika-branch1x-jdk8 #162 (See
[https://ci-builds.apache.org/job/Tika/job/tika-branch1x-jdk8/162/])
[TIKA-3638] Upgraded log4j to 1.27.1 (#473) (github:
[https://github.com/apache/tika/commit/b73348e349af6197c3e5c421728ebd492c53ef64])
* (edit) tika-parent/pom.xml
> Log4J vulnerability mitigation by upgrading to latest
> -----------------------------------------------------
>
> Key: TIKA-3638
> URL: https://issues.apache.org/jira/browse/TIKA-3638
> Project: Tika
> Issue Type: Bug
> Affects Versions: 1.28, 2.2.1
> Reporter: Subhajit Das
> Priority: Major
> Fix For: 1.28.1, 2.2.2
>
>
> Noticeable Vulnerability for log4j is still persistent in log4j 2.17.0.
> Upgrading to 2.17.1 (and any latest that may come up before release).
>
> Ref:
> [https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.0]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832]
> https://issues.apache.org/jira/browse/LOG4J2-3293
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
