[CONNECTORS-1683] Upgrade Log4J 2.17.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: ManifoldCF 2.20
Fix Version/s: ManifoldCF 2.21
Component/s: Framework core
Labels:

Description

Dependency Log4j 2 should be upgraded to Log4J 2.16.0, because there is a known RCE Vulnerability in previous Versions: https://www.lunasec.io/docs/blog/log4j-zero-day/

CVE-2021-44228
CVE-2021-45046
CVE-2021-45105

Attachments

Activity

People

Assignee:: Markus Schuch

Reporter:: Markus Schuch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Dec/21 15:27

Updated:: 19/Dec/21 13:24

Resolved:: 19/Dec/21 13:24