[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mina-dev
Subject:    [jira] [Created] (SSHD-1248) Log4J2 Security Vulneralibility ( CVE-2021-44832 )
From:       "Putra Nugraha (Jira)" <jira () apache ! org>
Date:       2022-02-23 3:59:48
Message-ID: JIRA.13430073.1645588792000.341100.1645588800048 () Atlassian ! JIRA
[Download RAW message or body]

Putra Nugraha created SSHD-1248:
-----------------------------------

             Summary: Log4J2 Security Vulneralibility ( CVE-2021-44832 )
                 Key: SSHD-1248
                 URL: https://issues.apache.org/jira/browse/SSHD-1248
             Project: MINA SSHD
          Issue Type: Question
    Affects Versions: 2.8.0
            Reporter: Putra Nugraha


Upon checking a possible security vulnerabilities, I noticed MINA SSHD is u=
sing Log4J2 version 2.14.1 and Log4J2 made some fixes in the later version =
( 2.17.1 for Java 8 ) which one if it is related to security vulnerabilitie=
s to RCE.

=C2=A0

May I know if there is any plan on MINA SSHD to adapt the above fix? Or can=
 we please have this fixed if not planned?

=C2=A0

Further details on the above Log4J security vulnerabilities can be found he=
re
https://logging.apache.org/log4j/2.x/security.html



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]