Uploaded image for project: 'Quarkus'
  1. Quarkus
  2. QUARKUS-1610

Update Log4j 2 API to 2.15.0 - 2.2

    XMLWordPrintable

Details

    • Component Upgrade
    • Resolution: Done
    • Major
    • 2.2.5.GA
    • None
    • team/eng
    • None

    Description

      Please don't merge, I will merge it myself.

      While we are not affected by CVE-2021-4428 as we are only using the
      Log4j2 API and not the implementation which contains the security flaw,
      security scanners are known to not always be as fine grained as we would
      have liked and we don't want Quarkus to be reported as unsafe because of
      false positives.

      (cherry picked from commit aead1da0e08a4fc8f57036de83afc78ad472c072)

      Attachments

        Activity

          People

            Unassigned Unassigned
            probinso_jira Quarkus JIRA Bot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: