[ 
https://issues.apache.org/jira/browse/LOG4J2-3224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459077#comment-17459077
 ] 

Volkan Yazici commented on LOG4J2-3224:
---------------------------------------

The necessary migration effort depends a lot on the Log4j components you 
use and their backward incompatible changes involved, if there are any. We do 
our best to avoid introducing any backward incompatible changes in minor 
version upgrades, hence it might be that you don't need to do anything except 
upgrading the dependency version.

Yes, you are advised to upgrade to 2.16.0 – which has more hardened security 
measures compared to 2.15.0.

> Log4j 2.13.0
> ------------
>
>                 Key: LOG4J2-3224
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3224
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Build
>    Affects Versions: 2.13.0
>            Reporter: Edmondo Sena
>            Priority: Critical
>             Fix For: 2.15.0
>
>
> Given the vulnerabilities of Log4j 2.13.0, does the switch to log4j 2.15.0 
> have severe design impacts or is it painless? Is version 2.15.0 okay or is 
> version 2.16.0 required?
> Thanks



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
