Uploaded image for project: 'Tika'
  1. Tika
  2. TIKA-3638

Log4J vulnerability mitigation by upgrading to latest

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.28, 2.2.1
    • 1.28.1, 2.3.0
    • None
    • None

    Description

      Noticeable Vulnerability for log4j is still persistent in log4j 2.17.0.

      Upgrading to 2.17.1 (and any latest that may come up before release).

       

      Ref:

      https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.0

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832

      https://issues.apache.org/jira/browse/LOG4J2-3293

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. TIKA-3669 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #473

          Web Link GitHub Pull Request #474

          Activity

            People

              Unassigned Unassigned
              subhajitdas298 Subhajit Das
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: