[ https://issues.apache.org/jira/browse/AXIS2-6020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Siva Gopal updated AXIS2-6020: ------------------------------ Summary: Patch for CVE-2021-44228 (was: Remediation for CVE-2021-44228) > Patch for CVE-2021-44228 > ------------------------ > > Key: AXIS2-6020 > URL: https://issues.apache.org/jira/browse/AXIS2-6020 > Project: Axis2 > Issue Type: Improvement > Affects Versions: 1.8.0 > Reporter: Siva Gopal > Priority: Critical > > With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and > log4j-core-2.14.1.jar files. So could you please throw some light on what is > the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and > any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) > or are the shipped DLLs are already patched against the vulnerability? Or > please provide details on if we can replace shipped log4j jar files with > latest patch jars before deploying our applications or any alternative? > Thanks! -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org