[jira] [Created] (KARAF-7298) Fix karaf 4.2.6 to include vunrability fix for log4j(CVE-2021-44228)

nizar.ben.mansour (Jira) Thu, 16 Dec 2021 03:37:02 -0800

nizar.ben.mansour created KARAF-7298:
----------------------------------------


             Summary: Fix karaf  4.2.6 to include vunrability fix for 
log4j(CVE-2021-44228)
                 Key: KARAF-7298
                 URL: https://issues.apache.org/jira/browse/KARAF-7298
             Project: Karaf
          Issue Type: Bug
         Environment: [^patch.diff]
            Reporter: nizar.ben.mansour
         Attachments: patch.diff

A new log4j vunarbility issue 
([https://nvd.nist.gov/vuln/detail/CVE-2021-44228)] is raised worldwide .

Karaf 4.2.6 is affacted by this vunarbility .In fact,it uses 
pax-logging-api/pax-logging-log4j2/pax-logging-logback 1.10.2 .

We need to upgrade those versions to 1.11.11 to fix this issue .

For that we propose the attached patch to modify the karaf 4.2.6 to include 
those new  logging API.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (KARAF-7298) Fix karaf 4.2.6 to include vunrability fix for log4j(CVE-2021-44228)

Reply via email to