Paulino Calderon created WW-5151:
------------------------------------
Summary: Bump to 2.15.0 to fix log4j vulnerability
Key: WW-5151
URL: https://issues.apache.org/jira/browse/WW-5151
Project: Struts 2
Issue Type: Bug
Components: Core Actions, Other
Affects Versions: 2.5.27, 2.5.26, 2.5.25, 2.5.22, 2.5.20
Environment: Any version that uses log4j before 2.15.0
Reporter: Paulino Calderon
Hello,
It seems Apache struts is affected by the [log4j
vulnerability|https://www.lunasec.io/docs/blog/log4j-zero-day/]. I've shared my
findings with the security team privately where you could review the vulnerable
code paths.
Github PR: https://github.com/apache/struts/pull/511
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
