Update to log4j 2.15.0 to fix security issue #11907

normanmaurer · 2021-12-10T10:50:32Z

Motivation:

log4j 2.15.0 was released to fix a 0-day security issue. While the log4j dependency is fully optional we should still upgrade

Modifications:

Upgrade to 2.15.0

Result:

Use non-affected log4j version

Motivation: log4j 2.15.0 was released to fix a 0-day security issue. While the log4j dependency is fully optional we should still upgrade. See https://www.lunasec.io/docs/blog/log4j-zero-day/ Modifications: Upgrade to 2.15.0 Result: Use non-affected log4j version

normanmaurer · 2021-12-10T11:00:08Z

See #11905

Motivation: log4j 2.15.0 was released to fix a 0-day security issue. While the log4j dependency is fully optional we should still upgrade. See https://www.lunasec.io/docs/blog/log4j-zero-day/ Modifications: Upgrade to 2.15.0 Result: Use non-affected log4j version

normanmaurer force-pushed the log4j branch from 6fb5302 to 6f6bf63 Compare December 10, 2021 10:51

normanmaurer added this to the 4.1.72.Final milestone Dec 10, 2021

chrisvest approved these changes Dec 10, 2021

View reviewed changes

normanmaurer merged commit 4312720 into 4.1 Dec 10, 2021

normanmaurer deleted the log4j branch December 10, 2021 13:33

This was referenced Dec 14, 2021

Use log4j2.version variable instead of fixed version for log4j-1.2-api in pom.xml #11924

Merged

Update to log4j2 2.16.0 #11923

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update to log4j 2.15.0 to fix security issue #11907

Update to log4j 2.15.0 to fix security issue #11907

normanmaurer commented Dec 10, 2021

normanmaurer commented Dec 10, 2021

Update to log4j 2.15.0 to fix security issue #11907

Update to log4j 2.15.0 to fix security issue #11907

Conversation

normanmaurer commented Dec 10, 2021

normanmaurer commented Dec 10, 2021