[jira] [Updated] (PLUTO-787) Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228
[ https://issues.apache.org/jira/browse/PLUTO-787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Neil Griffin updated PLUTO-787: --- Component/s: maven archetypes > Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228 > > > Key: PLUTO-787 > URL: https://issues.apache.org/jira/browse/PLUTO-787 > Project: Pluto > Issue Type: Task > Components: demo portlets, maven archetypes >Reporter: Neil Griffin >Assignee: Neil Griffin >Priority: Major > Fix For: 3.1.1 > > > This task involves migrating the following dependencies from Log4j 1.x to > Log4j 2.x due to > [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]: > - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0 > - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0 > Also, due to > [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228] > (which only affects Log4j2) it is necessary to use version 2.16.0 at a > minimum. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (PLUTO-787) Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228
[ https://issues.apache.org/jira/browse/PLUTO-787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Neil Griffin updated PLUTO-787: --- Description: This task involves migrating the following dependencies from Log4j 1.x to Log4j 2.x due to [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]: - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0 - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0 Also, due to [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228] (which only affects Log4j2) it is necessary to use version 2.16.0 at a minimum. was: This task involves migrating the following dependencies from Log4j 1.x to Log4j 2.x due to [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]: - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.15.0 - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.15.0 Also, due to [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228] (which only affects Log4j2) it is necessary to use version 2.15.0 at a minimum. > Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228 > > > Key: PLUTO-787 > URL: https://issues.apache.org/jira/browse/PLUTO-787 > Project: Pluto > Issue Type: Task > Components: demo portlets >Reporter: Neil Griffin >Assignee: Neil Griffin >Priority: Major > Fix For: 3.1.1 > > > This task involves migrating the following dependencies from Log4j 1.x to > Log4j 2.x due to > [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]: > - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0 > - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0 > Also, due to > [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228] > (which only affects Log4j2) it is necessary to use version 2.16.0 at a > minimum. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (PLUTO-787) Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228
[ https://issues.apache.org/jira/browse/PLUTO-787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Neil Griffin updated PLUTO-787: --- Summary: Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228 (was: Migrate to Log4j 2.15.0 due to CVE-2019-17571 and CVE-2021-44228) > Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228 > > > Key: PLUTO-787 > URL: https://issues.apache.org/jira/browse/PLUTO-787 > Project: Pluto > Issue Type: Task > Components: demo portlets >Reporter: Neil Griffin >Assignee: Neil Griffin >Priority: Major > Fix For: 3.1.1 > > > This task involves migrating the following dependencies from Log4j 1.x to > Log4j 2.x due to > [CVE-2019-17571|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571]: > - log4j:log4j -> org.apache.logging.log4j:log4j-api-2.15.0 > - org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.15.0 > Also, due to > [CVE-2021-44228|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228] > (which only affects Log4j2) it is necessary to use version 2.15.0 at a > minimum. -- This message was sent by Atlassian Jira (v8.20.1#820001)