[ https://issues.apache.org/jira/browse/MEECROWAVE-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark Struberg updated MEECROWAVE-304:
Description:
Log4j2-2.14.1 contains a CVE-related bug which allows code injection via JNDI
in the log string.
This is prevented with more recent Java JDK versions but is now also fixed in
log4j2 directly.
Please use this MW version or update your installations by replacing the
log4j2.jars with 2.15.0 manually.
> upgrade to log4j2 2.15.0
>
>
> Key: MEECROWAVE-304
> URL: https://issues.apache.org/jira/browse/MEECROWAVE-304
> Project: Meecrowave
> Issue Type: Bug
>Affects Versions: 1.2.12
>Reporter: Mark Struberg
>Priority: Major
> Fix For: 1.2.13
>
>
> Log4j2-2.14.1 contains a CVE-related bug which allows code injection via JNDI
> in the log string.
> This is prevented with more recent Java JDK versions but is now also fixed in
> log4j2 directly.
> Please use this MW version or update your installations by replacing the
> log4j2.jars with 2.15.0 manually.