[
https://issues.apache.org/jira/browse/LOGGING-180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17482916#comment-17482916
]
Swyrik Thupili commented on LOGGING-180:
----------------------------------------
[~ggregory]
I could see it in the pom file.
log4j 1.2.17 is being used.
{code:java}
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
<optional>true</optional>
</dependency>{code}
https://repo1.maven.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.pom
> Upgrade commons logging log4j dependency versions to 2.17.0 and above
> ---------------------------------------------------------------------
>
> Key: LOGGING-180
> URL: https://issues.apache.org/jira/browse/LOGGING-180
> Project: Commons Logging
> Issue Type: Bug
> Affects Versions: 1.1.1, 1.2
> Reporter: Swyrik Thupili
> Priority: Major
>
> Please update the log4j 2 version to the log4j 2.17.0 and above. As the
> current versions are susceptible to
> [CVE-2021-44832|https://github.com/advisories/GHSA-8489-44mv-ggj8] Security
> Vulnerability.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
