[WW-5151] Bump to 2.15.0 to fix log4j vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27
Fix Version/s: 6.0.0
Component/s: Core Actions, Other
Labels:
None
Environment:

Any version that uses log4j before 2.15.0

Flags:

Patch, Important
External issue URL:
https://github.com/apache/struts/pull/511
Language:
- Java

Description

Hello,

It seems Apache struts is affected by the log4j vulnerability. I've shared my findings with the security team privately where you could review the vulnerable code paths.

Github PR: https://github.com/apache/struts/pull/511

Attachments

Issue Links

links to

GitHub Pull Request #511

Activity

People

Assignee:: Unassigned

Reporter:: Paulino Calderon

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Dec/21 07:08

Updated:: 14/Jun/22 09:47

Resolved:: 12/Dec/21 12:13

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m