[jira] [Commented] (KARAF-7295) CVE-2021-45046 update

Jira Thu, 16 Dec 2021 01:12:04 -0800


    [ 
https://issues.apache.org/jira/browse/KARAF-7295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17460510#comment-17460510
 ]


Jean-Baptiste Onofré commented on KARAF-7295:
---------------------------------------------

Fixed in 4.3.4 release currently in vote, using Pax Logging 2.0.12 upgrading to 
log4j 2.16.0.

> CVE-2021-45046 update
> ---------------------
>
>                 Key: KARAF-7295
>                 URL: https://issues.apache.org/jira/browse/KARAF-7295
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf
>    Affects Versions: 4.3.3, 4.3.4
>            Reporter: Carlos Caicedo
>            Priority: Major
>
> According to [https://logging.apache.org/log4j/2.x/security.html],setting 
> system property log4j2.formatMsgNoLookups is not enough to solve the 
> situation.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (KARAF-7295) CVE-2021-45046 update

Reply via email to