[JENA-2214] Update log4j2 to 2.16.0 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: Jena 4.3.1
Fix Version/s: Jena 4.3.2, Jena 4.4.0
Component/s: None
Labels:
None

Description

~~This is not a security update.~~

(Update: There is now a "moderate" vulnerability in log4j 2.15.0 which is fixed by log4j 2.16.0. CVE-2021-45046)

log4j2 change log:

https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0

This removes the functionality of CVE-2021-44228.

2.15.0 fixed the vulnerability by making the functionality not-enabled by default.

Attachments

Activity

People

Assignee:: Andy Seaborne

Reporter:: Andy Seaborne

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Dec/21 08:56

Updated:: 19/Dec/21 10:36

Resolved:: 15/Dec/21 08:36