Closed rbocsi closed 2 years ago
Sorry for reopen the issue but there was an update to this vulnerability. The first fix was not complete successfull. A newer one is online under the link mentioned above.
@BlackRose01 Thank you for your notice. Yesterday a fix has been merged into the development as an update to version Log4j 2.16.0 . In the comment it states it fix CVE-2021-45046 but according the Log4J documentation it is also a fix for CVE-2021-44228.
ht tps://logging.apache.org/log4j/2.x/
Fixing Log4J2 Vulnerability
https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot