[
https://issues.apache.org/jira/browse/PLUTO-787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Neil Griffin updated PLUTO-787:
-------------------------------
Component/s: maven archetypes
> Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228
> ----------------------------------------------------------------
>
> Key: PLUTO-787
> URL: https://issues.apache.org/jira/browse/PLUTO-787
> Project: Pluto
> Issue Type: Task
> Components: demo portlets, maven archetypes
> Reporter: Neil Griffin
> Assignee: Neil Griffin
> Priority: Major
> Fix For: 3.1.1
>
>
> This task involves migrating the following dependencies from Log4j 1.x to
> Log4j 2.x due to
> [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]:
> - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0
> - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0
> Also, due to
> [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]
> (which only affects Log4j2) it is necessary to use version 2.16.0 at a
> minimum.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
