[KARAF-7292] Karaf update needed for log4j stepup - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Question
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 4.3.2
Fix Version/s: None
Component/s: karaf
Labels:
- security
- vulnerability

Description

As reported in CVE-2021-44228 regarding log4j vulnerability we are planning to stepup log4j to clean 2.1.50 or higher but we cannot do unless pax-logging is in new version 2.0.11.

What is the tentative timeline in which new karaf version will be available with this latest pax-logging version? This info will help us in communicating to our customers.

Attachments

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Karthick

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Dec/21 06:38

Updated:: 14/Dec/21 06:43

Resolved:: 14/Dec/21 06:40