[
https://issues.apache.org/jira/browse/TIKA-3638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469335#comment-17469335
]
Hudson commented on TIKA-3638:
------------------------------
SUCCESS: Integrated in Jenkins build Tika » tika-main-jdk8 #409 (See
[https://ci-builds.apache.org/job/Tika/job/tika-main-jdk8/409/])
[TIKA-3638] Upgraded log4j to 1.27.1 (#474) (github:
[https://github.com/apache/tika/commit/4e38053f02e1d9dfe2c1250e8f28d9a999f3b8c0])
* (edit) tika-parent/pom.xml
> Log4J vulnerability mitigation by upgrading to latest
> -----------------------------------------------------
>
> Key: TIKA-3638
> URL: https://issues.apache.org/jira/browse/TIKA-3638
> Project: Tika
> Issue Type: Bug
> Affects Versions: 1.28, 2.2.1
> Reporter: Subhajit Das
> Priority: Major
> Fix For: 1.28.1, 2.2.2
>
>
> Noticeable Vulnerability for log4j is still persistent in log4j 2.17.0.
> Upgrading to 2.17.1 (and any latest that may come up before release).
>
> Ref:
> [https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.0]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832]
> https://issues.apache.org/jira/browse/LOG4J2-3293
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
