Gregory Knott created AXIS2-5993:
------------------------------------
Summary: Upgrade logging to log4j v2.x
Key: AXIS2-5993
URL: https://issues.apache.org/jira/browse/AXIS2-5993
Project: Axis2
Issue Type: Improvement
Components: client-api
Affects Versions: 1.7.9
Environment: Tomcat
Reporter: Gregory Knott
Fix For: 1.7.9
[https://nvd.nist.gov/vuln/detail/CVE-2019-17571]
This vulnerability prompts us to upgrade to a v2 version of log4j since all v1
versions are end of support. However all versions of axis2 still use v1 log4j.
If axis2 is not updated, then we will need to move to another web service
container.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
