[jira] [Commented] (LOG4J2-3218) Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228

ASF subversion and git services (Jira) Mon, 13 Dec 2021 07:26:07 -0800


    [ 
https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458477#comment-17458477
 ]


ASF subversion and git services commented on LOG4J2-3218:
---------------------------------------------------------

Commit f8fdf602d13baf1450f24e9cd2b2a4222e456fde in logging-log4j-kotlin's 
branch refs/heads/master from Raman Gupta
[ https://gitbox.apache.org/repos/asf?p=logging-log4j-kotlin.git;h=f8fdf60 ]

LOG4J2-3218 update log4j2 dep: CVE-2021-44228


> Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228
> ------------------------------------------------------------------------------
>
>                 Key: LOG4J2-3218
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3218
>             Project: Log4j 2
>          Issue Type: Dependency upgrade
>          Components: Kotlin API
>    Affects Versions: Kotlin 1.1.0
>            Reporter: Raman Gupta
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Kotlin API currently depends on log4j2 API version 2.13.2 which, assuming 
> users are using the corresponding implementation, is vulnerable by default to 
> CVE-2021-44228. Update dependency to 2.15.0.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (LOG4J2-3218) Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228

Reply via email to