Dear Axis2 developers, latest available Apache Axis2 version on Maven Central is vulnerable to several known CVEs.
For example the anymore not so recent Log4j CVEs are really, really critical, because they allow remote code execution (RCE) attacks. CVE-2021-45105 CVE-2021-45046 CVE-2021-44832 CVE-2021-44228 CVE-2021-22060 see https://mvnrepository.com/artifact/org.apache.axis2/axis2/1.8.0 Seems like Dependabot already automatically bumped the versions in master branch (1.8.1.-SNAPSHOT version). However that version with fixes was not released yet. Could someone with maintainer rights on the Apache Axis2 repository release the 1.8.1 version? I am happy to support you on any release tasks where needed. Cheers, Philipp Philipp Lewe Application Development Specialist – Accenture Interactive Delivery <http://www.accenture.com/interactive> Accenture Technology Solutions GmbH Sebrathweg 20 44149 Dortmund Mobile: +49 175-576-4703 philipp.l...@accenture.com <https://www.accenture.com/> <https://www.linkedin.com/company/accenture> <https://twitter.com/Accenture> <https://www.facebook.com/accenture> <https://www.instagram.com/accenture> <https://www.youtube.com/accenture> Sitz: Kronberg. Registergericht: Königstein im Taunus, HRB 5968. Geschäftsführer: Antje Hoffmann, Marcus Huth, Ildiko Kreisz, Michael Nolte, Jürgen Pinkl ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. ______________________________________________________________________________________ www.accenture.com --------------------------------------------------------------------- To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
