[jira] [Resolved] (TIKA-3669) CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

Tim Allison (Jira) Mon, 07 Feb 2022 08:36:14 -0800


     [ 
https://issues.apache.org/jira/browse/TIKA-3669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tim Allison resolved TIKA-3669.
-------------------------------
    Resolution: Fixed

> CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when 
> attacker controls configuration.
> -------------------------------------------------------------------------------------------------------
>
>                 Key: TIKA-3669
>                 URL: https://issues.apache.org/jira/browse/TIKA-3669
>             Project: Tika
>          Issue Type: Bug
>          Components: app, server
>    Affects Versions: 2.2.1
>            Reporter: Josh Burchard
>            Priority: Major
>             Fix For: 2.3.0
>
>
> Possible to get Apache Log4j2 bumped up to version 2.17.1 in Tika?  I didn't 
> see it mentioned in the [pre-release notes for Tika 
> 2.3.0|https://github.com/apache/tika/blob/82ed7304f16a452133f956ef2c27a52409f9bcbf/CHANGES.txt]
>  so I thought I'd ask here. Since it seems like log4j2 changes have ceased 
> being a moving target, it'd be excellent to just have the latest and greatest 
> version.
> [Apache Log4j Security 
> Vulnerabilities|https://logging.apache.org/log4j/2.x/security.html]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (TIKA-3669) CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

Reply via email to