[
https://issues.apache.org/jira/browse/UNOMI-546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Serge Huber closed UNOMI-546.
-----------------------------
Resolution: Fixed
> Update log4j version
> --------------------
>
> Key: UNOMI-546
> URL: https://issues.apache.org/jira/browse/UNOMI-546
> Project: Apache Unomi
> Issue Type: Task
> Reporter: Jonathan Sinovassin
> Assignee: Jonathan Sinovassin
> Priority: Major
> Fix For: 2.0.0, 1.6.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> A vulnerability has been uncovered in the [Apache
> Log4j2|https://logging.apache.org/log4j/2.x/] library, tracked under the
> following reference:
> [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228].
> The vulnerability has been dubbed the *Log4Shell* exploit.
> You can find
> [here|https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/]
> and
> [here|https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/]
> some pretty detailed explanations of the vulnerability, its impact and level
> of risk.
>
> The versions of Log4j impacted by the vulnerability are from 2.0-beta9 to
> 2.14.1. The Apache foundation released version 2.15 last Friday, which
> addresses the issue.
>
> The module unomi-persistence-elasticsearch is using version 2.12.1; we
> should update it to 2.17.0.