Maven Doxia Tools / DOXIATOOLS-67

log4j 1.2 is unsupported

Details

    • Type: Dependency upgrade
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: doxia-linkcheck-1.2
    • Fix Version/s: doxia-linkcheck-1.3
    • Component/s: Doxia Linkcheck
    • Labels: None

    Description

      It also has known security issues. Do we really need this in our classpath?

      A security vulnerability, CVE-2019-17571, has been identified against Log4j 1. Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not. This can provide an attack vector that can be exploited. Since Log4j 1 is no longer maintained this issue will not be fixed. Users are urged to upgrade to Log4j 2.

            People

              Assignee: elharo Elliotte Rusty Harold
              Reporter: elharo Elliotte Rusty Harold
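One way to answer the classpath question raised in the description, as an added example that is not part of the original issue or the Doxia code base: it scans jars, including jars nested inside other archives, for the Log4j 1 `SocketServer` class (package `org.apache.log4j.net`). The function names and the sample jar names are assumptions made for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Archive entry for the Log4j 1 class named in the description (org.apache.log4j.net).
SOCKET_SERVER = "org/apache/log4j/net/SocketServer.class"


def socket_classes_in(data: bytes) -> list:
    """List SocketServer entries inside one archive, descending into nested jars."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name == SOCKET_SERVER:
                    hits.append(name)
                elif name.endswith((".jar", ".war")):  # fat or repackaged archives
                    hits += [f"{name}!/{h}" for h in socket_classes_in(zf.read(name))]
    except zipfile.BadZipFile:
        pass  # not a readable archive, nothing to report
    return sorted(hits)


def scan_classpath(root: Path) -> dict:
    """Map each jar under root that ships the class to the entries found."""
    findings = {}
    for jar in sorted(root.rglob("*.jar")):
        hits = socket_classes_in(jar.read_bytes())
        if hits:
            findings[jar.name] = hits
    return findings


def make_jar(entries: dict) -> bytes:
    """Build a constructed jar in memory (sample input, not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample jars: one ships the class, one does not.
        Path(tmp, "old-logging.jar").write_bytes(make_jar({SOCKET_SERVER: b""}))
        Path(tmp, "clean.jar").write_bytes(make_jar({"com/example/App.class": b""}))
        print(scan_classpath(Path(tmp)))
```

A hit shows the class is present on the classpath; whether anything starts the socket receiver is a separate check.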