Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-13878

upgrade to log4j2 2.17.1 and pax-logging 1.11.13/2.0.14

    XMLWordPrintable

    Details

    • Story Points:
      1
    • Sprint:
      Horizon 21/22 - Dec 15- Jan 5, Horizon 22 - Jan 5 - Jan 19

      Description

      While there continue to be new CVEs related to log4j, I believe they don't affect us unless an attacker has filesystem access to the configuration files.

      That said, it's worth keeping up just to eliminate any possible issues that upstream has solved in these patches.

        Attachments

          Activity

            People

            Assignee:
            ranger Benjamin Reed
            Reporter:
            ranger Benjamin Reed
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration