Uploaded image for project: 'Pluto'
  1. Pluto
  2. PLUTO-787

Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228

    XMLWordPrintableJSON

Details

    Description

      This task involves migrating the following dependencies from Log4j 1.x to Log4j 2.x due to CVE-2019-17571:

      • log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0
      • org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0

      Also, due to CVE-2021-44228 (which only affects Log4j2) it is necessary to use version 2.16.0 at a minimum.

      Attachments

        Activity

          People

            ngriffin7a Neil Griffin (Inactive)
            ngriffin7a Neil Griffin (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: