GNU bug report logs - #52421
[PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.

Previous Next

Package: guix-patches;

Reported by: Julien Lepiller <julien <at> lepiller.eu>

Date: Sat, 11 Dec 2021 02:19:02 UTC

Severity: normal

Tags: patch

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

Message #23 received at 52421 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: 52421 <at> debbugs.gnu.org
Subject: Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to
 2.15.0.
Date: Sat, 11 Dec 2021 22:08:27 +0100

Hi,

Julien Lepiller <julien <at> lepiller.eu> skribis:

> today I learnt about a CVE on log4j. Looking more closely, it seems
> that log4j2 has had 3 CVEs (at least 3 are listed on
> https://logging.apache.org/log4j/2.x/security.html) and we're
> vulnerable to all of them \o/
>
> This series updates to the latest version. Thankfully, log4j keeps a
> stable API, so there's no breakage in dependents, but a few
> dependencies had to be added/updated.

I had a quick look and it all LGTM.

Thanks for taking care of it!

Ludo’.

This bug report was last modified 3 years and 220 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #52421 [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.

GNU bug report logs - #52421
[PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.