[
https://issues.apache.org/jira/browse/AXIS2-6017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17462058#comment-17462058
]
Robert Lazarski commented on AXIS2-6017:
----------------------------------------
Update: log4j2 has released 2.17.0 and Axis2 has updated our pom.xml.
Users are strongly encouraged to update their jars ASAP. Either update the jar
manually to the latest version or build Axis2 from source as described above.
This is the third log4j release in about a week and a lot of dependencies are
still catching up so a release will happen soon but not imminently.
> Is Axis2 vulnerable to Log4shell?
> ---------------------------------
>
> Key: AXIS2-6017
> URL: https://issues.apache.org/jira/browse/AXIS2-6017
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.8.0
> Reporter: Maarten Engels
> Priority: Major
> Labels: Security
>
> We all recently learned about the Log4j vulnerability “Log4shell”. As the
> axis framework uses Log4j, is axis vulnerable? Do you have any mitigation
> available?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
