[jira] [Resolved] (LOG4J2-3636) Vulnerability with log4j2 dependency

Matt Sicker (Jira) Wed, 16 Nov 2022 16:26:04 -0800


     [ 
https://issues.apache.org/jira/browse/LOG4J2-3636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Matt Sicker resolved LOG4J2-3636.
---------------------------------
    Resolution: Invalid

Being a library dependency, the end user always has control over the final 
versions of transitive dependencies being pulled into their project. We keep 
dependencies up to date between releases to ensure forward compatibility, too.

> Vulnerability with log4j2 dependency
> ------------------------------------
>
>                 Key: LOG4J2-3636
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-3636
>             Project: Log4j 2
>          Issue Type: Bug
>    Affects Versions: 2.19.0
>            Reporter: Sasikumar Muthukrishnan Sampath
>            Priority: Major
>
> The following vulnerability is associated with log4j2 2.19.0 version. This is 
> coming from jackson-databind and the fix for this issue is available with 
> jackson 2.13.4.1 and 2.14.0 versions. Please upgrade the jackson dependency 
> on log4j.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (LOG4J2-3636) Vulnerability with log4j2 dependency

Reply via email to