[jira] [Created] (KARAF-7398) Update pax logging to 2.0.16 / 1.11.15

Colm O hEigeartaigh (Jira) Mon, 28 Feb 2022 03:52:04 -0800

Colm O hEigeartaigh created KARAF-7398:
------------------------------------------


             Summary: Update pax logging to 2.0.16 / 1.11.15
                 Key: KARAF-7398
                 URL: https://issues.apache.org/jira/browse/KARAF-7398
             Project: Karaf
          Issue Type: Improvement
            Reporter: Colm O hEigeartaigh
             Fix For: 4.3.7, 4.2.16


This task is to update pax logging to 2.0.16 for 4.3.x, and 1.11.15 for 4.2.x. 

Pax Logging 1.11.14 uses Reload4J 1.2.18.2, but there are CVE issues fixed 
since then:
 * XML entity injection attack - fixed in 1.2.18.3 by hardening
 * [CVE-2020-9488 (SMTPAppender)|https://cve.report/CVE-2020-9488] fixed in 
1.2.18.3 by hardening



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (KARAF-7398) Update pax logging to 2.0.16 / 1.11.15

Reply via email to