Uploaded image for project: 'Axis2'
  1. Axis2
  2. AXIS2-6020

Patch for CVE-2021-44228

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 1.8.0
    • None
    • None

    Description

      With Axis2 v1.8.0, you are shipping log4j-api-2.14.1.jar and log4j-core-2.14.1.jar files. So could you please throw some light on what is the roadmap to address the recent log4j 2 vulnerability: CVE-2021-44228 and any such previous vulnerabilities (E.g: CVE-2021-45105, CVE-2021-4104 etc.) or are the shipped DLLs are already patched against the vulnerability? Or please provide details on if we can replace shipped log4j jar files with latest patch jars before deploying our applications or any alternative?

      Thanks!

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. AXIS2-6017 Is Axis2 vulnerable to Log4shell?

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              sivagopal Siva Gopal
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: