[ https://issues.apache.org/jira/browse/JAMES-3683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457270#comment-17457270 ]
Arnaud Lefebvre commented on JAMES-3683: ---------------------------------------- Here is a pull request for the upgrade: https://github.com/apache/james-project/pull/793 > Upgrade Log4j to 2.15.0 - CVE-2021-44228 > ---------------------------------------- > > Key: JAMES-3683 > URL: https://issues.apache.org/jira/browse/JAMES-3683 > Project: James Server > Issue Type: Bug > Affects Versions: 3.6.1 > Reporter: Arnaud Lefebvre > Priority: Major > Labels: security > Time Spent: 10m > Remaining Estimate: 0h > > Log4j has an RCE vulnerability, see > https://www.lunasec.io/docs/blog/log4j-zero-day/ -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org