Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
As per the NIST website https://nvd.nist.gov/vuln/detail/CVE-2021-45105 it says this CVE fixed in log4j 2.12.3 but I could notice the download page https://logging.apache.org/log4j/log4j-2.12.2/download.html it says "2.12.2" was the last release for Java7 and no more support for Java7 and Java6
Are you planning to release 2.12.3 or we should upgrade Java8 and apply log4j 2.17?