[jira] [Commented] (JAMES-3683) Upgrade Log4j to 2.15.0 - CVE-2021-44228

Arnaud Lefebvre (Jira) Fri, 10 Dec 2021 09:03:08 -0800


    [ 
https://issues.apache.org/jira/browse/JAMES-3683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457270#comment-17457270
 ]


Arnaud Lefebvre commented on JAMES-3683:
----------------------------------------

Here is a pull request for the upgrade: 
https://github.com/apache/james-project/pull/793

> Upgrade Log4j to 2.15.0 - CVE-2021-44228
> ----------------------------------------
>
>                 Key: JAMES-3683
>                 URL: https://issues.apache.org/jira/browse/JAMES-3683
>             Project: James Server
>          Issue Type: Bug
>    Affects Versions: 3.6.1
>            Reporter: Arnaud Lefebvre
>            Priority: Major
>              Labels: security
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Log4j has an RCE vulnerability, see 
> https://www.lunasec.io/docs/blog/log4j-zero-day/



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

[jira] [Commented] (JAMES-3683) Upgrade Log4j to 2.15.0 - CVE-2021-44228

Reply via email to