[Geoserver-devel] [JIRA] (GEOS-10335) Update GeoServer to a log4j version that does not support RCEs

Mon, 13 Dec 2021 09:30:48 -0800 

Andrea Aime ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ae9469ffc-5e16-4c2b-b7b0-b9c46e912f9e
 ) *created* an issue

GeoServer ( 
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiMjI2NTE4ZjdmZTQ0NDk2MGFkODFiZDg5NWY2MDFmNWIiLCJwIjoiaiJ9
 ) / Task ( 
https://osgeo-org.atlassian.net/browse/GEOS-10335?atlOrigin=eyJpIjoiMjI2NTE4ZjdmZTQ0NDk2MGFkODFiZDg5NWY2MDFmNWIiLCJwIjoiaiJ9
 ) GEOS-10335 ( 
https://osgeo-org.atlassian.net/browse/GEOS-10335?atlOrigin=eyJpIjoiMjI2NTE4ZjdmZTQ0NDk2MGFkODFiZDg5NWY2MDFmNWIiLCJwIjoiaiJ9
 ) Update GeoServer to a log4j version that does not support RCEs ( 
https://osgeo-org.atlassian.net/browse/GEOS-10335?atlOrigin=eyJpIjoiMjI2NTE4ZjdmZTQ0NDk2MGFkODFiZDg5NWY2MDFmNWIiLCJwIjoiaiJ9
 )

Issue Type: Task Assignee: Andrea Aime ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ae9469ffc-5e16-4c2b-b7b0-b9c46e912f9e
 ) Created: 13/Dec/21 6:29 PM Priority: Medium Reporter: Andrea Aime ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ae9469ffc-5e16-4c2b-b7b0-b9c46e912f9e
 )

Update the log4j dependency to a version that does not have any remote 
appended, thus closing the door to potential RCEs.

( 
https://osgeo-org.atlassian.net/browse/GEOS-10335#add-comment?atlOrigin=eyJpIjoiMjI2NTE4ZjdmZTQ0NDk2MGFkODFiZDg5NWY2MDFmNWIiLCJwIjoiaiJ9
 ) Add Comment ( 
https://osgeo-org.atlassian.net/browse/GEOS-10335#add-comment?atlOrigin=eyJpIjoiMjI2NTE4ZjdmZTQ0NDk2MGFkODFiZDg5NWY2MDFmNWIiLCJwIjoiaiJ9
 )

Get Jira notifications on your phone! Download the Jira Cloud app for Android ( 
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
 ) or iOS ( 
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100183- 
sha1:f6eba4b )
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel














    











					Reply via email to