[jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088

Gary Gregory (JIRA) Mon, 30 Apr 2018 13:10:22 -0700

    [ 
https://issues.apache.org/jira/browse/LOG4J2-2329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16458983#comment-16458983
 ]


Gary Gregory commented on LOG4J2-2329:
--------------------------------------

What happens when you do a build with the new dependency?

> Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088
> ----------------------------------------------------------------
>
>                 Key: LOG4J2-2329
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2329
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: SLF4J Bridge
>    Affects Versions: 2.11.0
>            Reporter: Sven Kubiak
>            Priority: Major
>
> Latest version of log4j-slf4j-impl has a dependency to slf4j-api version 
> 1.8.0-Alpha2. All version before 1.8.0-Beta2 have vulnerable due to 
> CVE-2018-8088.
> [https://nvd.nist.gov/vuln/detail/CVE-2018-8088]
> Can we update to at least 1.8.0-Beta2?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (LOG4J2-2329) Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088

Reply via email to