[jira] [Updated] (KARAF-7299) Review logback CVE-2021-42550 for impact to karaf

Fri, 17 Dec 2021 07:23:56 -0800 


     [ 
https://issues.apache.org/jira/browse/KARAF-7299?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matt Pavlovich updated KARAF-7299:
----------------------------------
    Summary: Review logback CVE-2021-42550  for impact to karaf  (was: Review 
logback CVE for impact to karaf)

> Review logback CVE-2021-42550  for impact to karaf
> --------------------------------------------------
>
>                 Key: KARAF-7299
>                 URL: https://issues.apache.org/jira/browse/KARAF-7299
>             Project: Karaf
>          Issue Type: Task
>    Affects Versions: 4.2.12, 4.3.3
>            Reporter: Matt Pavlovich
>            Priority: Major
>
> Logback CVE along the lines of Log4Shell.
> logback fixed in v1.2.9
> Notes:
> # Karaf does not install logback bundle from pax-logging by default
> # there is no feature to install pax-logging-logback
> # Users must manually enable logback
> ref: https://jira.qos.ch/browse/LOGBACK-1591



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to