Log4j 2.17 for CVE-2021-45105 #11727

PaulStoffregen · 2021-12-18T13:29:41Z

Yet another log4j update for another vulnerability!

Not a duplicate of #11722 / #11723 version 2.16 for CVE-2021-44228.

Version 2.17 addresses CVE-2021-45105.

PaulStoffregen · 2021-12-20T15:37:58Z

1.8.19? Edit - oh, now I see 5e38fe2

PaulStoffregen · 2021-12-29T08:15:03Z

@cmaglie - Your fix for future log4j CVEs is paying dividends today, with CVE-2021-44832

cmaglie · 2021-12-29T09:06:35Z

Heh, I felt it, there are too many eyes on log4j right now...

per1234 added the security label Dec 18, 2021

cmaglie added a commit to cmaglie/Arduino that referenced this issue Dec 20, 2021

Removed log4j

9f8d192

Fix arduino#11727

cmaglie linked a pull request Dec 20, 2021 that will close this issue

Remove log4j, to fix current and future CVEs. #11730

Merged

per1234 pinned this issue Dec 20, 2021

cmaglie closed this as completed in #11730 Dec 20, 2021

per1234 unpinned this issue Jan 7, 2022

Provide feedback