[jira] [Updated] (KARAF-7298) Fix karaf 4.2.6 to include vunrability fix for log4j(CVE-2021-44228)

nizar.ben.mansour (Jira) Thu, 16 Dec 2021 03:41:12 -0800


     [ 
https://issues.apache.org/jira/browse/KARAF-7298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


nizar.ben.mansour updated KARAF-7298:
-------------------------------------
          Component/s: karaf
    Affects Version/s: 4.2.6

> Fix karaf  4.2.6 to include vunrability fix for log4j(CVE-2021-44228)
> ---------------------------------------------------------------------
>
>                 Key: KARAF-7298
>                 URL: https://issues.apache.org/jira/browse/KARAF-7298
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf
>    Affects Versions: 4.2.6
>         Environment: [^patch.diff]
>            Reporter: nizar.ben.mansour
>            Priority: Critical
>         Attachments: patch.diff
>
>
> A new log4j vunarbility issue 
> ([https://nvd.nist.gov/vuln/detail/CVE-2021-44228)] is raised worldwide .
> Karaf 4.2.6 is affacted by this vunarbility .In fact,it uses 
> pax-logging-api/pax-logging-log4j2/pax-logging-logback 1.10.2 .
> We need to upgrade those versions to 1.11.11 to fix this issue .
> For that we propose the attached patch to modify the karaf 4.2.6 to include 
> those new  logging API.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (KARAF-7298) Fix karaf 4.2.6 to include vunrability fix for log4j(CVE-2021-44228)

Reply via email to