[ 
https://issues.apache.org/jira/browse/AXIS2-6020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Siva Gopal updated AXIS2-6020:
------------------------------
    Summary: Patch for CVE-2021-44228  (was: Remediation for CVE-2021-44228)

> Patch for CVE-2021-44228
> ------------------------
>
>                 Key: AXIS2-6020
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6020
>             Project: Axis2
>          Issue Type: Improvement
>    Affects Versions: 1.8.0
>            Reporter: Siva Gopal
>            Priority: Critical
>
> With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and 
> log4j-core-2.14.1.jar files. So could you please throw some light on what is 
> the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and 
> any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) 
> or are the shipped DLLs are already patched against the vulnerability? Or 
> please provide details on if we can replace shipped log4j jar files with 
> latest patch jars before deploying our applications or any alternative?
> Thanks!



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to