[
https://issues.apache.org/jira/browse/AXIS2-6020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siva Gopal updated AXIS2-6020:
------------------------------
Summary: Patch for CVE-2021-44228 (was: Remediation for CVE-2021-44228)
> Patch for CVE-2021-44228
> ------------------------
>
> Key: AXIS2-6020
> URL: https://issues.apache.org/jira/browse/AXIS2-6020
> Project: Axis2
> Issue Type: Improvement
> Affects Versions: 1.8.0
> Reporter: Siva Gopal
> Priority: Critical
>
> With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and
> log4j-core-2.14.1.jar files. So could you please throw some light on what is
> the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and
> any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.)
> or are the shipped DLLs are already patched against the vulnerability? Or
> please provide details on if we can replace shipped log4j jar files with
> latest patch jars before deploying our applications or any alternative?
> Thanks!
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
