Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-7299

Review logback CVE-2021-42550 for impact to karaf

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 4.2.12, 4.3.3
    • None
    • karaf
    • None

    Description

      Logback CVE-2021-42550 along the lines of Log4Shell.

      logback fixed in v1.2.9

      Notes:

      1. Karaf does not install logback bundle from pax-logging by default
      2. there is no feature to install pax-logging-logback
      3. Users must manually enable logback

      ref: https://jira.qos.ch/browse/LOGBACK-1591

      Attachments

        Issue Links

          is duplicated by

          Dependency upgrade - Upgrading a dependency to a newer version KARAF-7300 Upgrade to Pax Logging 2.0.13

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              jbonofre Jean-Baptiste Onofré
              mattrpav Matt Pavlovich
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: