  1. Log4j 2
  2. LOG4J2-2329

Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.11.0
    • Fix Version/s: None
    • Component/s: SLF4J Bridge
    • Labels: None
    • Flags: Important

      Description

      The latest version of log4j-slf4j-impl has a dependency on slf4j-api version 1.8.0-Alpha2. All versions before 1.8.0-Beta2 are vulnerable due to CVE-2018-8088.

      https://nvd.nist.gov/vuln/detail/CVE-2018-8088

      Can we update to at least 1.8.0-Beta2?

            People

            • Assignee: Unassigned
            • Reporter: svenkubiak Sven Kubiak
            • Votes: 0
            • Watchers: 2
