update log4j to fix log4shell vulnerability #316

davideicardi
Collaborator

Fix #315

Contributor

@mcs mcs left a comment

Looks good on my machine :-)

@davideicardi
Collaborator Author

davideicardi commented Dec 16, 2021

@ekoutanov (writing to you because I see you made the latest merge ;-) )
Are you or someone else able to merge this PR and create a new release?

Maybe it is not perfect but it should fix the main issue and resolve the vulnerability that can be important for a lot of people.

If I can help in some way please let me know.

@davideicardi davideicardi force-pushed the fix/update-log4j2-for-vulnerability branch from bdc7036 to 07b8547 Compare December 17, 2021 10:13
@andytson
Contributor

andytson commented Dec 19, 2021

2.17.0 now for CVE-2021-45105?

https://snyk.io/blog/log4j-2-16-vulnerability-cve-2021-45105-discovered/

I don't want to slow this down though, and the other CVE is a much higher threat.

@davideicardi
Collaborator Author

See #321

@davideicardi
Collaborator Author

Closing in favor of #320

Successfully merging this pull request may close these issues.

Upgrade to log4j 2.15.0 to address CVE-2021-44228
9 participants