-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade checks to Log4j 2.17.0 #19360
Comments
ljacomet
added a commit
that referenced
this issue
Dec 20, 2021
This is required following discovery of https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 Fixes #19360
Done through #19363 |
Is this not being backported to Gradle 6.9.2 anymore? |
ghubstan
added a commit
to ghubstan/bisq2
that referenced
this issue
Dec 25, 2021
Upgrade checks to Log4j 2.17.0 See gradle/gradle#19360
@ljacomet Do you think we should upgrade Refer CVE-2021-44832 |
Gradle 7.4 will upgrade the checks to use log4j 2.17.1 - see #19526 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Following discovery of CVE-2021-45105, Gradle should update its fixes done for the previous Log4j CVEs.
While Gradle is not affected, following up seems logical given:
The following has been done in Gradle:
log4j-core
to2.17.0
on the zinc compiler classpath when using the scala plugin.and requires
2.17.0`More information on our blog post.
The text was updated successfully, but these errors were encountered: