Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-3218

Upgrade log4j2 dependency version in the kotlin logging API for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105

    XMLWordPrintableJSON

Details

    • Dependency upgrade
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • Kotlin 1.1.0
    • Kotlin 1.2.0
    • Kotlin API
    • None

    Description

      Kotlin API currently depends on log4j2 API version 2.13.2 which, assuming users are using the corresponding implementation, is vulnerable by default to CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105. Update dependency to 2.17.0.

      Attachments

        Activity

          People

            mattsicker Matt Sicker
            rocketraman Raman Gupta
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 50m
                50m