[NMS-13878] upgrade to log4j2 2.17.1 and pax-logging 1.11.13/2.0.14 - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Meridian-2019.1.29, Meridian-2020.1.18, Meridian-2021.1.10, 29.0.5
Component/s: None
Security Level: Default (Default Security Scheme)
Labels:
None

Story Points:
1
Sprint:
Horizon 21/22 - Dec 15- Jan 5, Horizon 22 - Jan 5 - Jan 19

Description

While there continue to be new CVEs related to log4j, I believe they don't affect us unless an attacker has filesystem access to the configuration files.

That said, it's worth keeping up just to eliminate any possible issues that upstream has solved in these patches.

Attachments

Issue Links

is cloned by

NMS-14224 Upgrade to pax-logging 2.0.15

Open

Activity

People

Assignee:: Benjamin Reed

Reporter:: Benjamin Reed

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 04/Jan/22 4:08 PM

Updated:: 27/Apr/22 7:56 AM

Resolved:: 06/Jan/22 9:44 PM

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.