[ https://issues.apache.org/jira/browse/KARAF-7299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Pavlovich updated KARAF-7299: ---------------------------------- Summary: Review logback CVE-2021-42550 for impact to karaf (was: Review logback CVE for impact to karaf) > Review logback CVE-2021-42550 for impact to karaf > -------------------------------------------------- > > Key: KARAF-7299 > URL: https://issues.apache.org/jira/browse/KARAF-7299 > Project: Karaf > Issue Type: Task > Affects Versions: 4.2.12, 4.3.3 > Reporter: Matt Pavlovich > Priority: Major > > Logback CVE along the lines of Log4Shell. > logback fixed in v1.2.9 > Notes: > # Karaf does not install logback bundle from pax-logging by default > # there is no feature to install pax-logging-logback > # Users must manually enable logback > ref: https://jira.qos.ch/browse/LOGBACK-1591 -- This message was sent by Atlassian Jira (v8.20.1#820001)