Opened 4 years ago
Last modified 4 years ago
#21657 closed defect
[PATCH] Update log4j to 2.15.0 (CVE-2021-44228) — at Version 1
| Reported by: | taylor.smock | Owned by: | team |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Plugin | Version: | |
| Keywords: | log4j cve | Cc: | |
Description (last modified by )
This fixes CVE-2021-44228 by default.
In addition, there are some other enhancements, but it does claim to be binary compatible with previous releases.
log4j is used directly or indirectly by the following plugins:
- areaselector
- routing
- ImportImagePlugin
- kendzi3d
AFAIK, none of those have remote control capabilities, so the CVE shouldn't affect JOSM.
Change History (2)
by , 4 years ago
| Attachment: | 21657.patch added |
|---|
comment:1 by , 4 years ago
| Description: | modified (diff) |
|---|
Bump log4j version