Eclipse Vert.x and Log4j 2 CVE-2021-44228
source link: https://vertx.io/blog/CVE-2021-44228/
The recently disclosed CVE-2021-44228 affects the Log4j 2 library.
The Vert.x project can optionally use this library for logging, but it does not ship or directly depend on it and is therefore not affected by this CVE.
In practice, an application using Vert.x might use Log4j 2, but it has to declare the dependency explicitly. In that case, the Log4j 2 dependency version must be upgraded to 2.15.0 or later.
This week, the Vert.x team will provide Vert.x patch releases that update the optional or test dependencies on Log4j 2:
- Vert.x 4.2.2, which was expected to be delivered soon and contains other bug fixes
- Vert.x 4.1.7, the previous stable branch
- Vert.x 3.9.11, the last stable branch of Vert.x 3, which is supported until the end of 2022
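To check whether an application that uses Vert.x declares Log4j 2 below the 2.15.0 threshold given above, the following added example (not part of the original article or the Vert.x project) scans `mvn dependency:tree` output. It assumes Log4j 2 appears under the coordinates `org.apache.logging.log4j:log4j-core`; the sample tree, the application name and the function names are constructed for illustration.

```python
import re

# Minimum version stated in the article above.
MIN_VERSION = (2, 15, 0)

# Assumed coordinates of the Log4j 2 implementation artifact in Maven output.
COORD = re.compile(r"org\.apache\.logging\.log4j:log4j-core:\S+")

# Constructed sample of `mvn dependency:tree` output for a hypothetical app.
SAMPLE_TREE = r"""
[INFO] com.example:demo-vertx-app:jar:1.0.0
[INFO] +- io.vertx:vertx-core:jar:4.2.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] \- org.apache.logging.log4j:log4j-core:jar:tests:2.15.0:test
"""


def parse_version(text):
    """Return the leading numeric part of a version as a 3-tuple of ints."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def find_outdated_log4j(tree_text, minimum=MIN_VERSION):
    """List (version, scope) for every log4j-core entry below `minimum`."""
    findings = []
    for line in tree_text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        # Coordinate layout: group:artifact:packaging[:classifier]:version:scope
        fields = match.group(0).split(":")
        if len(fields) < 5:
            continue  # not a full coordinate; skip rather than guess
        version, scope = fields[-2], fields[-1]
        if parse_version(version) < minimum:
            findings.append((version, scope))
    return findings


if __name__ == "__main__":
    for version, scope in find_outdated_log4j(SAMPLE_TREE):
        print(f"log4j-core {version} ({scope}) is below 2.15.0, upgrade required")
```

Transitive entries are covered as well, because the dependency tree lists them with the same coordinate format.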