This is an automated email from the ASF dual-hosted git repository.
rpopma pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-2.x by this push:
new cdac17c [LOG4J2-2819] update security page for CVE-2020-9488 fix
backported to 2.12.3
cdac17c is described below
commit cdac17cd594e5235b8e26e28b4c80583fe9afc75
Author: rpopma <rpo...@apache.org>
AuthorDate: Thu Dec 23 13:01:18 2021 +0900
[LOG4J2-2819] update security page for CVE-2020-9488 fix backported to
2.12.3
---
src/site/markdown/security.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
index 54168d1..23fe3f4 100644
--- a/src/site/markdown/security.md
+++ b/src/site/markdown/security.md
@@ -317,7 +317,7 @@ This issue was discovered by Chen Zhaojun of Alibaba Cloud
Security Team.
-
[https://issues.apache.org/jira/browse/LOG4J2-3201](https://issues.apache.org/jira/browse/LOG4J2-3201)
-
[https://issues.apache.org/jira/browse/LOG4J2-3198](https://issues.apache.org/jira/browse/LOG4J2-3198).
-## <a name="log4j-2.12.3"/> Fixed in Log4j 2.12.3 (Java 7)
+## <a name="log4j-2.13.2"/> Fixed in Log4j 2.13.2 (Java 8) and 2.12.3 (Java 7)
<a name="CVE-2020-9488"/><a name="cve-2020-9488"/>
[CVE-2020-9488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488):
Improper validation of certificate with host mismatch in Apache Log4j SMTP
appender.
