[TIKA-3638] Log4J vulnerability mitigation by upgrading to latest - ASF Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.28, 2.2.1
Fix Version/s: 1.28.1, 2.3.0
Component/s: None
Labels:
None

Description

Noticeable Vulnerability for log4j is still persistent in log4j 2.17.0.

Upgrading to 2.17.1 (and any latest that may come up before release).

Ref:

https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.0

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832

https://issues.apache.org/jira/browse/LOG4J2-3293

Attachments

Issue Links

duplicates

TIKA-3669 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

Resolved

links to

GitHub Pull Request #473

GitHub Pull Request #474

Activity

People

Assignee:: Unassigned

Reporter:: Subhajit Das

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 04/Jan/22 06:33

Updated:: 07/Feb/22 16:21

Resolved:: 05/Jan/22 12:09