Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-13878

upgrade to log4j2 2.17.1 and pax-logging 1.11.13/2.0.14

    XMLWordPrintable

Details

    • 1
    • Horizon 21/22 - Dec 15- Jan 5, Horizon 22 - Jan 5 - Jan 19

    Description

      While there continue to be new CVEs related to log4j, I believe they don't affect us unless an attacker has filesystem access to the configuration files.

      That said, it's worth keeping up just to eliminate any possible issues that upstream has solved in these patches.

      Attachments

        Issue Links

          Activity

            People

              ranger Benjamin Reed
              ranger Benjamin Reed
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: