[GitHub] [activemq] luke-zhang commented on a change in pull request #662: [AMQ-7426] Upgrade to log4j2

GitBox Thu, 06 Jan 2022 02:37:54 -0800


luke-zhang commented on a change in pull request #662:
URL: https://github.com/apache/activemq/pull/662#discussion_r779453129




##########
File path: pom.xml
##########
@@ -82,7 +80,8 @@
     <junit-version>4.13.2</junit-version>
     <hamcrest-version>1.3</hamcrest-version>
     <karaf-version>4.2.10</karaf-version>
-    <log4j-version>1.2.17</log4j-version>
+    <slf4j-version>1.7.30</slf4j-version>
+    <log4j-version>2.14.1</log4j-version>

Review comment:
       Log4j 2.17.1 is the latest version that includes the fix to 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832. 
   by the way is there a date of when this can be released?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [activemq] luke-zhang commented on a change in pull request #662: [AMQ-7426] Upgrade to log4j2

Reply via email to