[prev in list] [next in list] [prev in thread] [next in thread]
List: mina-dev
Subject: [jira] [Created] (SSHD-1248) Log4J2 Security Vulneralibility ( CVE-2021-44832 )
From: "Putra Nugraha (Jira)" <jira () apache ! org>
Date: 2022-02-23 3:59:48
Message-ID: JIRA.13430073.1645588792000.341100.1645588800048 () Atlassian ! JIRA
[Download RAW message or body]
Putra Nugraha created SSHD-1248:
-----------------------------------
Summary: Log4J2 Security Vulneralibility ( CVE-2021-44832 )
Key: SSHD-1248
URL: https://issues.apache.org/jira/browse/SSHD-1248
Project: MINA SSHD
Issue Type: Question
Affects Versions: 2.8.0
Reporter: Putra Nugraha
Upon checking a possible security vulnerabilities, I noticed MINA SSHD is u=
sing Log4J2 version 2.14.1 and Log4J2 made some fixes in the later version =
( 2.17.1 for Java 8 ) which one if it is related to security vulnerabilitie=
s to RCE.
=C2=A0
May I know if there is any plan on MINA SSHD to adapt the above fix? Or can=
we please have this fixed if not planned?
=C2=A0
Further details on the above Log4J security vulnerabilities can be found he=
re
https://logging.apache.org/log4j/2.x/security.html
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic