Uploaded image for project: 'Nutch'
  1. Nutch
  2. NUTCH-2915

Upgrade to log4j 2.15.0

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 1.19
    • 1.19
    • logging
    • None

    Description

      See Apache Log4j Security Vulnerabilities.

      Notes:

      • the released 1.18 is not directly affected because it uses log4j 1.x which is not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was done recently by NUTCH-2885.
      • the plugin indexer-elastic includes a transitive dependency to log4j-api-2.11.1 which is not affected - only log4j-core is according to comments by slf4j.

      Attachments

        Activity

          People

            snagel Sebastian Nagel
            snagel Sebastian Nagel
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: