[jira] [Updated] (AXIS2-6020) Patch for CVE-2021-44228

Siva Gopal (Jira) Thu, 23 Dec 2021 03:39:03 -0800


     [ 
https://issues.apache.org/jira/browse/AXIS2-6020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Siva Gopal updated AXIS2-6020:
------------------------------
    Labels: security-issue  (was: )

> Patch for CVE-2021-44228
> ------------------------
>
>                 Key: AXIS2-6020
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6020
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.8.0
>            Reporter: Siva Gopal
>            Priority: Critical
>              Labels: security-issue
>
> With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and 
> log4j-core-2.14.1.jar files. So could you please throw some light on what is 
> the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and 
> any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) 
> or are the shipped DLLs are already patched against the vulnerability? Or 
> please provide details on if we can replace shipped log4j jar files with 
> latest patch jars before deploying our applications or any alternative?
> Thanks!



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

[jira] [Updated] (AXIS2-6020) Patch for CVE-2021-44228

Reply via email to