[ https://issues.apache.org/jira/browse/DOXIA-610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17180996#comment-17180996 ]
ASF GitHub Bot commented on DOXIA-610:
--------------------------------------
asfgit merged pull request #37:
URL: https://github.com/apache/maven-doxia/pull/37
> Update doxia-module-fo to not use log4j
> ---------------------------------------
>
> Key: DOXIA-610
> URL: https://issues.apache.org/jira/browse/DOXIA-610
> Project: Maven Doxia
> Issue Type: Dependency upgrade
> Components: Module - FO
> Affects Versions: 1.9.1
> Reporter: John Burnham
> Assignee: Sylwester Lachiewicz
> Priority: Major
> Fix For: 1.9.2
>
>
> This is critical for a release. The version of log4j is 1.2.17 and contains
> the following security risk:
> [CVE_2020_9488|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488]
> This should be updated to use org.apache.logging.log4j:log4j-core:2.13.2