[ https://issues.apache.org/jira/browse/JCLOUDS-1601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Gaul updated JCLOUDS-1601: --------------------------------- Component/s: jclouds-core > upgrade log4j due to security issue > ----------------------------------- > > Key: JCLOUDS-1601 > URL: https://issues.apache.org/jira/browse/JCLOUDS-1601 > Project: jclouds > Issue Type: Bug > Components: jclouds-core > Affects Versions: 2.5.0 > Reporter: PJ Fanning > Assignee: Andrew Gaul > Priority: Major > Fix For: 2.6.0 > > > There is a CVE against v2.17.0 > https://github.com/apache/jclouds/blob/master/project/pom.xml#L239 > https://logging.apache.org/log4j/2.x/security.html > Also, logback version is old (next line in pom) > https://mvnrepository.com/artifact/ch.qos.logback/logback-core -- This message was sent by Atlassian Jira (v8.20.1#820001)