[ATLAS-4505] Update log4j2 version to 2.15.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 3.0.0, 2.3.0
Component/s: atlas-core
Labels:
None

Description

2.0 <= Apache log4j2 <= 2.14.1 have a RCE zero day.

https://logging.apache.org/log4j/2.x/security.html

2.15.0 is released to maven central - https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.15.0/

https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html

https://www.lunasec.io/docs/blog/log4j-zero-day/

Attachments

Activity

People

Assignee:: LuNing Wang

Reporter:: LuNing Wang

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 10/Dec/21 16:00

Updated:: 15/Dec/21 03:46

Resolved:: 12/Dec/21 01:07

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

0.5h