Eclipse Vert.x and Log4j 2 CVE-2021-44228

source link: https://vertx.io/blog/CVE-2021-44228/


CVE-2021-44228, a vulnerability in the Log4j 2 library (remote code execution through JNDI lookups in logged messages), has recently been disclosed.

The Vert.x project can optionally use this library for logging, but it does not ship it or directly depend on it, and is therefore not itself affected by this CVE.

In practice an application built on Vert.x may still use Log4j 2, but only because it explicitly declares that dependency itself (or pulls it in transitively through some other library). In that case the Log4j 2 dependency must be upgraded to 2.15.0 or later. 2.15.0 was the fix available when this was written; the Log4j project has since published further security releases in the 2.x line, so take the latest 2.x release rather than stopping at 2.15.0, and check the resolved dependency tree (for example `mvn dependency:tree` or `gradle dependencies`) rather than only the versions declared in your own build file.
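The build-tool dependency tree only covers artifacts the build knows about; a deployed application directory or a shaded jar can carry a copy of log4j-core under another name. The following is an added example, not code from the Vert.x post or the Vert.x project: a small scanner that walks a directory of archives, identifies log4j-core by the `pom.properties` Maven embeds in the jar rather than by file name, reads the version from it, and flags anything below a minimum version. The minimum defaults to the 2.15.0 named above and is a parameter, so it can be raised as newer Log4j 2 releases supersede it. The function and file names (`scan`, `inspect_jar`, `make_sample_jar`, the sample jar names) are this example's own, and the sample jars it scans are constructed in-process with placeholder class bodies.

```python
"""
Added example, not code from the Vert.x post or the Vert.x project: scan a
directory of archives for log4j-core, read its version from the embedded
Maven pom.properties, and flag copies older than a minimum version.
Sample archives are constructed in-process by make_sample_jar().
"""
import os
import re
import tempfile
import zipfile

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
MIN_FIXED = "2.15.0"  # version the post names; later 2.x releases supersede it


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.15.0-rc1' -> (2, 15, 0); '2.0' -> (2, 0, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unparseable version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())


def needs_upgrade(version, minimum=MIN_FIXED):
    """True when version is older than minimum (tuple comparison, not string)."""
    return parse_version(version) < parse_version(minimum)


def inspect_jar(path, minimum=MIN_FIXED):
    """Return a finding for a log4j-core archive, or None for anything else.

    Identification relies on the pom.properties Maven writes into the jar,
    not on the file name, so renamed or shaded copies are still found.
    JndiLookup.class is reported as well: removing that class from the jar
    was the published workaround for 2.10 to 2.14.1 when upgrading was not
    possible, so an old version without it has been mitigated by hand.
    """
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            if POM_PROPS not in names:
                return None
            props = zf.read(POM_PROPS).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None
    m = re.search(r"^version=(\S+)", props, re.MULTILINE)
    version = m.group(1) if m else None
    try:
        old = version is None or needs_upgrade(version, minimum)
    except ValueError:
        old = True  # unparseable version string: treat as suspect
    return {
        "path": path,
        "version": version,
        "jndi_lookup_present": JNDI_LOOKUP in names,
        "needs_upgrade": old,
    }


def scan(root, minimum=MIN_FIXED):
    """Walk root and return a finding for every log4j-core archive found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.endswith((".jar", ".war", ".zip")):
                finding = inspect_jar(os.path.join(dirpath, name), minimum)
                if finding:
                    findings.append(finding)
    return findings


def make_sample_jar(path, version, with_jndi=True, log4j=True):
    """Constructed fixture: a minimal archive laid out like a log4j-core jar
    (or, with log4j=False, like an unrelated jar). Class bodies are placeholders."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        if log4j:
            zf.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\n"
                                   "artifactId=log4j-core\nversion=%s\n" % version)
            if with_jndi:
                zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder, not bytecode
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")


def demo():
    """Build constructed archives in a temp dir and scan them; findings keyed by file name."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    make_sample_jar(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "2.14.1")
    make_sample_jar(os.path.join(root, "lib", "vendor-logging.jar"), "2.15.0")  # renamed copy
    make_sample_jar(os.path.join(root, "lib", "log4j-core-2.13.3.jar"), "2.13.3",
                    with_jndi=False)  # old, but JndiLookup.class removed by hand
    make_sample_jar(os.path.join(root, "vertx-core-4.2.2.jar"), None, log4j=False)
    return {os.path.basename(f["path"]): f for f in scan(root)}


if __name__ == "__main__":
    for name, f in sorted(demo().items()):
        status = "UPGRADE" if f["needs_upgrade"] else "ok"
        print("%-26s version=%-8s JndiLookup=%-5s %s"
              % (name, f["version"], f["jndi_lookup_present"], status))
```

Point `scan()` at an application's `lib/` directory, an unpacked fat jar, or a Maven/Gradle cache. A finding with `needs_upgrade` set and `jndi_lookup_present` true is the case the post is about; a finding with `needs_upgrade` set but the class absent has had the workaround applied and should still be upgraded rather than left as is.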

The Vert.x team will provide this week Vert.x patch releases that update the optional or test dependencies on Log4j 2:

  • Vert.x 4.2.2, which was expected to be delivered soon and also contains other bug fixes
  • Vert.x 4.1.7, the previous stable branch
  • Vert.x 3.9.11, the last stable branch of Vert.x 3, which is supported until the end of 2022
