GNU bug report logs - #52421
[PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.

Previous Next

Package: guix-patches;

Reported by: Julien Lepiller <julien <at> lepiller.eu>

Date: Sat, 11 Dec 2021 02:19:02 UTC

Severity: normal

Tags: patch

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Julien Lepiller <julien <at> lepiller.eu>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#52421: closed ([PATCH][SECURITY] gnu: java-log4j-api: Update
 to 2.15.0.)
Date: Sun, 12 Dec 2021 18:26:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sun, 12 Dec 2021 19:25:44 +0100
with message-id <20211212192544.0b4015e2 <at> tachikoma.lepiller.eu>
and subject line Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.
has caused the debbugs.gnu.org bug report #52421,
regarding [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
52421: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=52421
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Julien Lepiller <julien <at> lepiller.eu>
To: guix-patches <at> gnu.org
Subject: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.
Date: Sat, 11 Dec 2021 03:11:59 +0100

Hi Guix!

today I learnt about a CVE on log4j. Looking more closely, it seems
that log4j2 has had 3 CVEs (at least 3 are listed on
https://logging.apache.org/log4j/2.x/security.html) and we're
vulnerable to all of them \o/

This series updates to the latest version. Thankfully, log4j keeps a
stable API, so there's no breakage in dependents, but a few
dependencies had to be added/updated.



[Message part 3 (message/rfc822, inline)]
From: Julien Lepiller <julien <at> lepiller.eu>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 52421-done <at> debbugs.gnu.org
Subject: Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to
 2.15.0.
Date: Sun, 12 Dec 2021 19:25:44 +0100

Thanks for the review. I added remarks from IRC and pushed the update
as 5259513d5e5a918bb44b87ab7a562621cc78c945 to
d5cfca23e30a9166d49faf0b48cca3ee27699f7a.
This bug report was last modified 3 years and 158 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.