Josh Burchard created TIKA-3669:
-----------------------------------
Summary: CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC
Appender when attacker controls configuration.
Key: TIKA-3669
URL: https://issues.apache.org/jira/browse/TIKA-3669
Project: Tika
Issue Type: Bug
Components: app, server
Affects Versions: 2.2.1
Reporter: Josh Burchard
Fix For: 2.2.2, 2.3.0
Possible to get Apache Log4j2 bumped up to version 2.17.1 in Tika? I didn't
see it mentioned in the [pre-release notes for Tika
2.3.0|https://github.com/apache/tika/blob/82ed7304f16a452133f956ef2c27a52409f9bcbf/CHANGES.txt]
so I thought I'd ask here. Since it seems like log4j2 changes have ceased
being a moving target, it'd be excellent to just have the latest and greatest
version.
[Apache Log4j Security
Vulnerabilities|https://logging.apache.org/log4j/2.x/security.html]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
