Skip to content

Commit

Permalink
Fixed: [SECURITY] CVE-2021-44228: Apache Log4j2 (OFBIZ-12449)
Browse files Browse the repository at this point in the history
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker
controlled LDAP and other JNDI related endpoints:
https://logging.apache.org/log4j/2.x/security.html

I'm not sure we are concerned, have no time to check, better safe than sorry...
  • Loading branch information
JacquesLeRoux committed Dec 11, 2021
1 parent 14f7fed commit bccf140
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ dependencies {
compile 'org.apache.geronimo.components:geronimo-transaction:3.1.4'
compile 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
compile 'org.apache.httpcomponents:httpclient-cache:4.5.6'
compile 'org.apache.logging.log4j:log4j-api:2.11.1' // the API of log4j 2
compile 'org.apache.logging.log4j:log4j-api:2.15.0' // the API of log4j 2
compile 'org.apache.poi:poi:3.17'
compile 'org.apache.pdfbox:pdfbox:2.0.24'
compile 'org.apache.shiro:shiro-core:1.4.0'
Expand Down Expand Up @@ -231,11 +231,11 @@ dependencies {
runtime 'org.apache.axis2:axis2-transport-local:1.7.8'
runtime 'org.apache.derby:derby:10.14.2.0'
runtime 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:1.1'
runtime 'org.apache.logging.log4j:log4j-1.2-api:2.11.1' // for external jars using the old log4j1.2: routes logging to log4j 2
runtime 'org.apache.logging.log4j:log4j-core:2.11.1' // the implementation of the log4j 2 API
runtime 'org.apache.logging.log4j:log4j-jul:2.11.1' // for external jars using the java.util.logging: routes logging to log4j 2
runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.11.1' // for external jars using slf4j: routes logging to log4j 2
runtime 'org.apache.logging.log4j:log4j-jcl:2.11.1' // need to constrain to version to avoid classpath conflict (ReflectionUtil)
runtime 'org.apache.logging.log4j:log4j-1.2-api:2.15.0' // for external jars using the old log4j1.2: routes logging to log4j 2
runtime 'org.apache.logging.log4j:log4j-core:2.15.0' // the implementation of the log4j 2 API
runtime 'org.apache.logging.log4j:log4j-jul:2.15.0' // for external jars using the java.util.logging: routes logging to log4j 2
runtime 'org.apache.logging.log4j:log4j-slf4j-impl:2.15.0' // for external jars using slf4j: routes logging to log4j 2
runtime 'org.apache.logging.log4j:log4j-jcl:2.15.0' // need to constrain to version to avoid classpath conflict (ReflectionUtil)
runtime 'org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380'

// plugin libs
Expand Down

0 comments on commit bccf140

Please sign in to comment.