Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade log4j to 2.15.0 - CVE-2021-44228 #11717

Merged
merged 1 commit into from
Dec 13, 2021
Merged

Upgrade log4j to 2.15.0 - CVE-2021-44228 #11717

merged 1 commit into from
Dec 13, 2021

Conversation

rhowe
Copy link
Contributor

@rhowe rhowe commented Dec 11, 2021

All Submissions:

  • Have you followed the guidelines in our Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same update/change?

New Feature Submissions:

  1. TBD Does your submission pass tests?
  2. N/A Have you lint your code locally prior to submission?

Changes to Core Features:

N/A

@CLAassistant
Copy link

CLAassistant commented Dec 11, 2021
edited
Loading

CLA assistant check)
All committers have signed the CLA.

@per1234 per1234 added the security Security fixes / bugs / improvements label Dec 11, 2021
@cmaglie cmaglie merged commit 8ae1f94 into arduino:master Dec 13, 2021
@cmaglie
Copy link
Member

cmaglie commented Dec 13, 2021

Thanks @rhowe!

Here the sha256 checksum of the binaries:

e7048ad52e3b6f1267b7ceb2c07200a5ce61271bcf59f98fd238bf60e4137932  log4j-core-2.15.0.jar
254d2e61e530b9b210ddd1ae599e91ee8e37a5bfcafaeba98cfc338ca6eea3e9  log4j-api-2.15.0.jar

they match with the distributed binaries from apache.org

@rhowe rhowe deleted the update-log4j branch December 13, 2021 08:51
@ItsIgnacioPortal
Copy link

Great. When will this hotfix release come out?

@per1234
Copy link
Collaborator

per1234 commented Dec 13, 2021

Please see this page for all the related information from Arduino:

https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228

@per1234 per1234 mentioned this pull request Dec 14, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security Security fixes / bugs / improvements
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rhowe @CLAassistant @cmaglie @ItsIgnacioPortal @per1234