[ https://issues.apache.org/jira/browse/LOG4J2-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458477#comment-17458477 ]
ASF subversion and git services commented on LOG4J2-3218: --------------------------------------------------------- Commit f8fdf602d13baf1450f24e9cd2b2a4222e456fde in logging-log4j-kotlin's branch refs/heads/master from Raman Gupta [ https://gitbox.apache.org/repos/asf?p=logging-log4j-kotlin.git;h=f8fdf60 ] LOG4J2-3218 update log4j2 dep: CVE-2021-44228 > Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228 > ------------------------------------------------------------------------------ > > Key: LOG4J2-3218 > URL: https://issues.apache.org/jira/browse/LOG4J2-3218 > Project: Log4j 2 > Issue Type: Dependency upgrade > Components: Kotlin API > Affects Versions: Kotlin 1.1.0 > Reporter: Raman Gupta > Priority: Major > Time Spent: 0.5h > Remaining Estimate: 0h > > Kotlin API currently depends on log4j2 API version 2.13.2 which, assuming > users are using the corresponding implementation, is vulnerable by default to > CVE-2021-44228. Update dependency to 2.15.0. -- This message was sent by Atlassian Jira (v8.20.1#820001)