[jira] [Updated] (LOGCXX-545) Upgrade log4j to 2.17.0 - Both log4j 1 and 2 have CVE vulnerability

Tue, 21 Dec 2021 05:22:51 -0800 


     [ 
https://issues.apache.org/jira/browse/LOGCXX-545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chiaowen updated LOGCXX-545:
----------------------------
    Description: 
Both log4j 1 and 2 have CVE vulnerability.
||CVE||Affected log4j versions||
|[CVE-2019-17571|https://nvd.nist.gov/vuln/detail/CVE-2019-17571]|1.2.*|
|[CVE-2021-44228|https://nvd.nist.gov/vuln/detail/CVE-2021-44228]|2.0 ~ 2.14.1|
|[CVE-2021-45046|https://nvd.nist.gov/vuln/detail/CVE-2021-45046] |2.0 ~ 2.15.0|
|[CVE-2021-4104|https://nvd.nist.gov/vuln/detail/CVE-2021-4104]|1.2.*|
|[CVE-2021-45105|https://nvd.nist.gov/vuln/detail/CVE-2021-45105]|2.0 ~ 2.16.0|

  was:
Both log4j 1 and 2 have CVE vulnerability. It's necessary to upgrade log4j to 
the latest version.
||CVE||Affected log4j versions||
|[CVE-2019-17571|https://nvd.nist.gov/vuln/detail/CVE-2019-17571]|1.2.*|
|[CVE-2021-44228|https://nvd.nist.gov/vuln/detail/CVE-2021-44228]|2.0 ~ 2.14.1|
|[CVE-2021-45046|https://nvd.nist.gov/vuln/detail/CVE-2021-45046] |2.0 ~ 2.15.0|
|[CVE-2021-4104|https://nvd.nist.gov/vuln/detail/CVE-2021-4104]|1.2.*|
|[CVE-2021-45105|https://nvd.nist.gov/vuln/detail/CVE-2021-45105]|2.0 ~ 2.16.0|


> Upgrade log4j to 2.17.0 - Both log4j 1 and 2 have CVE vulnerability
> -------------------------------------------------------------------
>
>                 Key: LOGCXX-545
>                 URL: https://issues.apache.org/jira/browse/LOGCXX-545
>             Project: Log4cxx
>          Issue Type: Improvement
>            Reporter: Chiaowen
>            Priority: Major
>
> Both log4j 1 and 2 have CVE vulnerability.
> ||CVE||Affected log4j versions||
> |[CVE-2019-17571|https://nvd.nist.gov/vuln/detail/CVE-2019-17571]|1.2.*|
> |[CVE-2021-44228|https://nvd.nist.gov/vuln/detail/CVE-2021-44228]|2.0 ~ 
> 2.14.1|
> |[CVE-2021-45046|https://nvd.nist.gov/vuln/detail/CVE-2021-45046] |2.0 ~ 
> 2.15.0|
> |[CVE-2021-4104|https://nvd.nist.gov/vuln/detail/CVE-2021-4104]|1.2.*|
> |[CVE-2021-45105|https://nvd.nist.gov/vuln/detail/CVE-2021-45105]|2.0 ~ 
> 2.16.0|



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to