Uploaded image for project: 'Archiva (Retired)'
  1. Archiva (Retired)
  2. MRM-2023

Critical Log4j RCE bug (CVE-2021-44228)

Details

    • Dependency upgrade
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 2.2.5
    • 2.2.6
    • Audit Logging
    • None

    Description

      The log4j version in archiva 2.2.5 is 2.8.2. This version is affected by CVE-2021-44228 (RCE).

      Upgrading dependency to log4j version 2.15.0 (if easy possible) would solve this issue.

      Best regards, Robert

      Attachments

        Activity

          People

            martin_s Martin Schreier
            rvelter Robert Velter
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment