Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Duplicate
-
1.8.0
-
None
-
None
Description
With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and log4j-core-2.14.1.jar files. So could you please throw some light on what is the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) or are the shipped DLLs are already patched against the vulnerability? Or please provide details on if we can replace shipped log4j jar files with latest patch jars before deploying our applications or any alternative?
Thanks!
Attachments
Issue Links
- is duplicated by
-
AXIS2-6017 Is Axis2 vulnerable to Log4shell?
- Open