[PLUTO-787] Migrate to Log4j 2.16.0 due to CVE-2019-17571 and CVE-2021-44228 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.1.1
Component/s: demo portlets, maven archetypes
Labels:
None

Description

This task involves migrating the following dependencies from Log4j 1.x to Log4j 2.x due to CVE-2019-17571:

log4j:log4j -> org.apache.logging.log4j:log4j-api-2.16.0
org.slf4j:slf4j-log4j12 -> org.apache.logging.log4j:log4j-slf4j-impl-2.16.0

Also, due to CVE-2021-44228 (which only affects Log4j2) it is necessary to use version 2.16.0 at a minimum.

Attachments

Activity

People

Assignee:: Neil Griffin (Inactive)

Reporter:: Neil Griffin (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Jun/21 18:14

Updated:: 15/Dec/21 18:50

Resolved:: 15/Dec/21 18:50