[jira] [Commented] (LOGCXX-541) Upgrade log4j to 2.15.0 - CVE-2021-44288

Jira Sat, 11 Dec 2021 08:35:07 -0800


    [ 
https://issues.apache.org/jira/browse/LOGCXX-541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457673#comment-17457673
 ]


Thorsten Schöning commented on LOGCXX-541:
------------------------------------------

Log4cxx uses log4j 1.x for it's tests, which is not affected by the RCE AFAIK.

> Upgrade log4j to 2.15.0 - CVE-2021-44288
> ----------------------------------------
>
>                 Key: LOGCXX-541
>                 URL: https://issues.apache.org/jira/browse/LOGCXX-541
>             Project: Log4cxx
>          Issue Type: Bug
>          Components: Tests
>            Reporter: Peter Hurley
>            Priority: Major
>              Labels: security
>
> Log4j has an RCE vulnerability, see 
> [https://www.lunasec.io/docs/blog/log4j-zero-day/]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOGCXX-541) Upgrade log4j to 2.15.0 - CVE-2021-44288

Reply via email to