[
https://issues.apache.org/jira/browse/WW-5151?focusedWorklogId=694730&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-694730
]
ASF GitHub Bot logged work on WW-5151:
--------------------------------------
Author: ASF GitHub Bot
Created on: 12/Dec/21 12:13
Start Date: 12/Dec/21 12:13
Worklog Time Spent: 10m
Work Description: lukaszlenart commented on pull request #511:
URL: https://github.com/apache/struts/pull/511#issuecomment-991886999
Thanks a lot!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 694730)
Time Spent: 20m (was: 10m)
> Bump to 2.15.0 to fix log4j vulnerability
> -----------------------------------------
>
> Key: WW-5151
> URL: https://issues.apache.org/jira/browse/WW-5151
> Project: Struts 2
> Issue Type: Dependency
> Components: Core Actions, Other
> Affects Versions: 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27
> Environment: Any version that uses log4j before 2.15.0
> Reporter: Paulino Calderon
> Priority: Critical
> Fix For: 2.6
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Hello,
> It seems Apache struts is affected by the [log4j
> vulnerability|https://www.lunasec.io/docs/blog/log4j-zero-day/]. I've shared
> my findings with the security team privately where you could review the
> vulnerable code paths.
>
> Github PR: https://github.com/apache/struts/pull/511
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
