Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-5770

Upgrade log4j 2 to 2.17.1

    XMLWordPrintable

Details

    Description

      Further CVEs have been reported against log4j-core – CVE-2021-45105 and CVE-2021-44832. WildFly and WildFly Core don't ship log4j-core, only log4j-api but it's simpler just to move to Log4j releases that don't match the CPE for the CVEs than to explain the api vs core distinction.

      This is already fixed in main via the dependabot PR https://github.com/wildfly/wildfly-core/pull/4913, but this JIRA can serve to flag it up in the release notes. For 18.x I'll send up a PR.

      Attachments

        Activity

          People

            bstansbe@redhat.com Brian Stansberry
            bstansbe@redhat.com Brian Stansberry
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: