Description
See Apache Log4j Security Vulnerabilities.
Notes:
- the released 1.18 is not directly affected because it uses log4j 1.x which is not affected by CVE-2021-44228. The upgrade from log4j 1.x to 2.14.1 was done recently by
NUTCH-2885. - the plugin indexer-elastic includes a transitive dependency to log4j-api-2.11.1 which is not affected - only log4j-core is according to comments by slf4j.
Attachments
Issue Links
- links to