Siva Gopal created AXIS2-6020: --------------------------------- Summary: Remediation for CVE-2021-44228 Key: AXIS2-6020 URL: https://issues.apache.org/jira/browse/AXIS2-6020 Project: Axis2 Issue Type: Improvement Affects Versions: 1.8.0 Reporter: Siva Gopal
With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and log4j-core-2.14.1.jar files. So could you please throw some light on what is the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) or are the shipped DLLs are already patched against the vulnerability? Or please provide details on if we can replace shipped log4j jar files with latest patch jars before deploying our applications? Thanks! -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org