GROOVY-10408

Bump log4j2 version to 2.15.0 (test dependency)


Details

    • Type: Dependency upgrade
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.10, 4.0.0-rc-2
    • Component/s: None
    • Labels: None

    Description

      Groovy doesn't bundle a version of Log4j in its distribution nor list it as a dependency in its pom (or bom), so isn't directly affected by CVE-2021-44228 (see https://logging.apache.org/log4j/2.x/security.html).

      However, Groovy users using the Log4j2 AST transform (or using Log4j2 directly) may wish to update their version of Log4j or note the security workarounds mentioned in the above security vulnerability link.

      See also:


          People

            Assignee: Paul King (paulk)
            Reporter: Paul King (paulk)