[ https://issues.apache.org/jira/browse/JCLOUDS-1601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17523688#comment-17523688 ]
ASF subversion and git services commented on JCLOUDS-1601: ---------------------------------------------------------- Commit 659951bc63368bb1eed8d2e25b2ae5ed79476e56 in jclouds's branch refs/heads/master from Andrew Gaul [ https://gitbox.apache.org/repos/asf?p=jclouds.git;h=659951bc63 ] JCLOUDS-1601: Upgrade to log4j 2.17.2 Release notes: https://logging.apache.org/log4j/2.x/changes-report.html#a2.17.2 > upgrade log4j due to security issue > ----------------------------------- > > Key: JCLOUDS-1601 > URL: https://issues.apache.org/jira/browse/JCLOUDS-1601 > Project: jclouds > Issue Type: Bug > Reporter: PJ Fanning > Assignee: Andrew Gaul > Priority: Major > > There is a CVE against v2.17.0 > https://github.com/apache/jclouds/blob/master/project/pom.xml#L239 > https://logging.apache.org/log4j/2.x/security.html > Also, logback version is old (next line in pom) > https://mvnrepository.com/artifact/ch.qos.logback/logback-core -- This message was sent by Atlassian Jira (v8.20.1#820001)