[ 
https://issues.apache.org/jira/browse/AXIOM-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458709#comment-17458709
 ] 

Andreas Veithen commented on AXIOM-510:
---------------------------------------

Note that Axiom only uses log4j in tests. It's not a dependency of any of the 
Axiom libraries that downstream projects use, and there is actually nothing to 
address for CVE-2021-44228.

> Log4j2 update for CVE-2021-44228
> --------------------------------
>
>                 Key: AXIOM-510
>                 URL: https://issues.apache.org/jira/browse/AXIOM-510
>             Project: Axiom
>          Issue Type: Improvement
>            Reporter: Robert Lazarski
>            Priority: Major
>             Fix For: 1.3.1
>
>
> I committed the upgrade of log4j2 to 2.15.0.
> [~veithen], I see that you have done quite a few commits in Axiom since the 
> 1.3.0 release - splendid work BTW.
> What are your thoughts on releasing Axiom for CVE-2021-44228? Axis2 and Rampart 
> releases would follow.
> I did the last 1.3.0 release and volunteer for the next one - just thought 
> I'd mention that.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
