eclipse-arrowhead / core-java-spring

Eclipse Public License 2.0
28 stars 51 forks

Update pom.xml (Fixing Log4J2 Vulnerability) #365

Closed rbocsi closed 2 years ago

rbocsi commented 2 years ago

Fixing Log4J2 Vulnerability

https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot

BlackRose01 commented 2 years ago

Sorry for reopening the issue, but there was an update to this vulnerability. The first fix was not completely successful. A newer one is online under the link mentioned above.

MaGaMeGa commented 2 years ago

@BlackRose01 Thank you for your notice. Yesterday a fix was merged into development as an update to Log4j version 2.16.0. In the comment it states it fixes CVE-2021-45046, but according to the Log4J documentation it is also a fix for CVE-2021-44228.

https://logging.apache.org/log4j/2.x/