Siva Gopal created AXIS2-6020:
---------------------------------
Summary: Remediation for CVE-2021-44228
Key: AXIS2-6020
URL: https://issues.apache.org/jira/browse/AXIS2-6020
Project: Axis2
Issue Type: Improvement
Affects Versions: 1.8.0
Reporter: Siva Gopal
With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and
log4j-core-2.14.1.jar files. So could you please throw some light on what is
the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and any
such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) or are
the shipped DLLs are already patched against the vulnerability? Or please
provide details on if we can replace shipped log4j jar files with latest patch
jars before deploying our applications?
Thanks!
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
