Mark Struberg created OWB-1396: ---------------------------------- Summary: upgrade to log4j2 2.15.0 Key: OWB-1396 URL: https://issues.apache.org/jira/browse/OWB-1396 Project: OpenWebBeans Issue Type: Task Components: Core Affects Versions: 2.0.24 Reporter: Mark Struberg Assignee: Mark Struberg Fix For: 2.0.25
We gonna bump our log4j 2 version to the CVE free 2.15.0. Note that we did not ship this but only used it as a provided compile time dependency for compiling our optional log4j2 support against it! So this is not strictly a CVE related issue but just to make sure we don't get too many reports that we are using an evil version. -- This message was sent by Atlassian Jira (v8.20.1#820001)