[ https://issues.apache.org/jira/browse/AXIS2-6020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Siva Gopal updated AXIS2-6020: ------------------------------ Labels: security-issue (was: ) > Patch for CVE-2021-44228 > ------------------------ > > Key: AXIS2-6020 > URL: https://issues.apache.org/jira/browse/AXIS2-6020 > Project: Axis2 > Issue Type: Bug > Affects Versions: 1.8.0 > Reporter: Siva Gopal > Priority: Critical > Labels: security-issue > > With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and > log4j-core-2.14.1.jar files. So could you please throw some light on what is > the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and > any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) > or are the shipped DLLs are already patched against the vulnerability? Or > please provide details on if we can replace shipped log4j jar files with > latest patch jars before deploying our applications or any alternative? > Thanks! -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org