[
https://issues.apache.org/jira/browse/WW-5151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-5151:
------------------------------
Fix Version/s: 2.6
> Bump to 2.15.0 to fix log4j vulnerability
> -----------------------------------------
>
> Key: WW-5151
> URL: https://issues.apache.org/jira/browse/WW-5151
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions, Other
> Affects Versions: 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27
> Environment: Any version that uses log4j before 2.15.0
> Reporter: Paulino Calderon
> Priority: Critical
> Fix For: 2.6
>
>
> Hello,
> It seems Apache struts is affected by the [log4j
> vulnerability|https://www.lunasec.io/docs/blog/log4j-zero-day/]. I've shared
> my findings with the security team privately where you could review the
> vulnerable code paths.
>
> Github PR: https://github.com/apache/struts/pull/511
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
