[jira] [Commented] (DOXIA-610) Update doxia-module-fo to use latest log4j

ASF GitHub Bot (Jira) Wed, 19 Aug 2020 15:37:11 -0700


    [ 
https://issues.apache.org/jira/browse/DOXIA-610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17180873#comment-17180873
 ]


ASF GitHub Bot commented on DOXIA-610:
--------------------------------------

slachiewicz opened a new pull request #37:
URL: https://github.com/apache/maven-doxia/pull/37


   Use default configuration - jdk logger


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> Update doxia-module-fo to use latest log4j
> ------------------------------------------
>
>                 Key: DOXIA-610
>                 URL: https://issues.apache.org/jira/browse/DOXIA-610
>             Project: Maven Doxia
>          Issue Type: Dependency upgrade
>          Components: Module - FO
>    Affects Versions: 1.9.1
>            Reporter: John Burnham
>            Priority: Critical
>
> This is critical for a release.  The version of log4j is 1.2.17 and contains 
> the following security risk:
> [CVE_2020_9488|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488]
> This should be updated to use org.apache.logging.log4j:log4j-core:2.13.2



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (DOXIA-610) Update doxia-module-fo to use latest log4j

Reply via email to