[
https://issues.apache.org/jira/browse/LOGGING-180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17491007#comment-17491007
]
sietze edited comment on LOGGING-180 at 2/11/22, 4:07 PM:
----------------------------------------------------------
Also having problems with this, upgrade would be good.
Maven dependency plugin also has this as a transitive dependency, causing false
positives by scanners on some of our servers.
was (Author: JIRAUSER285091):
Also having problems with this, upgrade would be good I guess.
Maven dependency plugin also has this as a transitive dependency, causing false
positives by scanners on some of our servers.
> Upgrade commons logging log4j dependency versions to 2.17.0 and above
> ---------------------------------------------------------------------
>
> Key: LOGGING-180
> URL: https://issues.apache.org/jira/browse/LOGGING-180
> Project: Commons Logging
> Issue Type: Bug
> Affects Versions: 1.1.1, 1.2
> Reporter: Swyrik Thupili
> Priority: Major
>
> Please update the log4j 2 version to the log4j 2.17.0 and above. As the
> current versions are susceptible to
> [CVE-2021-44832|https://github.com/advisories/GHSA-8489-44mv-ggj8] Security
> Vulnerability.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
