Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2329

Fix dependency in log4j-slf4j-impl to slf4j due to CVE-2018-8088

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.11.0
    • None
    • SLF4J Bridge
    • None
    • Important

    Description

      Latest version of log4j-slf4j-impl has a dependency to slf4j-api version 1.8.0-Alpha2. All version before 1.8.0-Beta2 have vulnerable due to CVE-2018-8088.

      https://nvd.nist.gov/vuln/detail/CVE-2018-8088

      Can we update to at least 1.8.0-Beta2?

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. LOG4J2-2573 Update Slf4j from 1.7.25 to 1.7.26

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. LOG4J2-2745 Upgrade slf4j 1.8 dependency to 1.8.0-alpha4

          • Major - Major loss of function.
          • Closed

          Dependency upgrade - Upgrading a dependency to a newer version LOG4J2-2796 CVEs in the execution path imported by dependencies

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              svenkubiak Sven Kubiak
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: