Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-3669

CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.2.1
    • 2.3.0
    • app, server
    • None

    Description

      Possible to get Apache Log4j2 bumped up to version 2.17.1 in Tika?  I didn't see it mentioned in the pre-release notes for Tika 2.3.0 so I thought I'd ask here. Since it seems like log4j2 changes have ceased being a moving target, it'd be excellent to just have the latest and greatest version.

      Apache Log4j Security Vulnerabilities

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. TIKA-3638 Log4J vulnerability mitigation by upgrading to latest

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              jmbox80 Josh Burchard
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: