[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mina-dev
Subject:    [jira] [Updated] (SSHD-1248) Log4J2 Security Vulneralibility ( CVE-2021-44832 )
From:       "Putra Nugraha (Jira)" <jira () apache ! org>
Date:       2022-02-28 7:07:00
Message-ID: JIRA.13430073.1645588792000.362058.1646032020029 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/SSHD-1248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Putra Nugraha updated SSHD-1248:
--------------------------------
    Attachment: image-2022-02-28-15-06-13-418.png

> Log4J2 Security Vulneralibility ( CVE-2021-44832 )
> --------------------------------------------------
> 
> Key: SSHD-1248
> URL: https://issues.apache.org/jira/browse/SSHD-1248
> Project: MINA SSHD
> Issue Type: Question
> Affects Versions: 2.8.0
> Reporter: Putra Nugraha
> Priority: Major
> Attachments: effective-pom.xml, image-2022-02-28-15-06-13-418.png
> 
> 
> Upon checking a possible security vulnerabilities, I noticed MINA SSHD is using \
> Log4J2 version 2.14.1 and Log4J2 made some fixes in the later version ( 2.17.1 for \
> Java 8 ) which one if it is related to security vulnerabilities to RCE. 
> May I know if there is any plan on MINA SSHD to adapt the above fix? Or can we \
> please have this fixed if not planned? 
> Further details on the above Log4J security vulnerabilities can be found here
> https://logging.apache.org/log4j/2.x/security.html



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]