[
https://issues.apache.org/jira/browse/LOG4J2-3222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458987#comment-17458987
]
Daniel Kirkdorffer commented on LOG4J2-3222:
--------------------------------------------
Site news still refers to 2.15.1.
> Documentation at https://logging.apache.org/log4j/2.x/ has obsolete
> references to 2.15.1
> ----------------------------------------------------------------------------------------
>
> Key: LOG4J2-3222
> URL: https://issues.apache.org/jira/browse/LOG4J2-3222
> Project: Log4j 2
> Issue Type: Improvement
> Environment: See [https://logging.apache.org/log4j/2.x/:]
> {quote}
> h2. News
> Log4j 2.15.1 has been released solely to disable access to JNDI by default.
> The CVE noted below was fixed in the 2.15.0 release. 2.15.1 is NOT a required
> upgrade but users may choose to use it to have confidence that JNDI will not
> be abused.
> {quote}
> Reporter: Daniel Kirkdorffer
> Assignee: Matt Sicker
> Priority: Major
> Fix For: 2.16.0
>
>
> There is language in the documentation that refers to "2.15.1" which became
> "2.16.0".
> This could cause confusion.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
