[jira] [Commented] (LOG4J2-3218) Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228

Raman Gupta (Jira) Mon, 13 Dec 2021 06:20:05 -0800


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458425#comment-17458425
 ]


Raman Gupta commented on LOG4J2-3218:
-------------------------------------

https://github.com/apache/logging-log4j-kotlin/pull/21

> Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228
> ------------------------------------------------------------------------------
>
>                 Key: LOG4J2-3218
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3218
>             Project: Log4j 2
>          Issue Type: Dependency upgrade
>          Components: Kotlin API
>    Affects Versions: Kotlin 1.1.0
>            Reporter: Raman Gupta
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Kotlin API currently depends on log4j2 API version 2.13.2 which, assuming 
> users are using the corresponding implementation, is vulnerable by default to 
> CVE-2021-44228. Update dependency to 2.15.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOG4J2-3218) Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228

Reply via email to