Siva Gopal created AXIS2-6020:
---------------------------------

             Summary: Remediation for CVE-2021-44228
                 Key: AXIS2-6020
                 URL: https://issues.apache.org/jira/browse/AXIS2-6020
             Project: Axis2
          Issue Type: Improvement
    Affects Versions: 1.8.0
            Reporter: Siva Gopal


With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and 
log4j-core-2.14.1.jar files. So could you please throw some light on what is 
the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and any 
such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) or are 
the shipped DLLs are already patched against the vulnerability? Or please 
provide details on if we can replace shipped log4j jar files with latest patch 
jars before deploying our applications?

Thanks!



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to