[DIRMINA-1158] CVE-2022-23302/23305/23307 In log4j(1.x) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Critical
Resolution: Not A Problem
Affects Version/s: 2.1.4, 2.1.5
Fix Version/s: None
Component/s: Core
Labels:
None

Description

Hi

Recently，three vulnerabilities have been discovered ：CVE-2022-23302/23305/23307 In log4j(1.x) 。

The module “mina-core” depend on log4j 1.2.17 ，

So do we have any plans to deal with these vulnerabilities?

Thanks ：）

https://www.cvedetails.com/cve/CVE-2022-23302

https://nvd.nist.gov/vuln/detail/CVE-2022-23305

https://nvd.nist.gov/vuln/detail/CVE-2022-23307

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: DONG LI

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24/Jan/22 02:23

Updated:: 06/Feb/22 08:01

Resolved:: 06/Feb/22 08:01