|
From: | GNU bug Tracking System |
Subject: | bug#52421: closed ([PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.) |
Date: | Sun, 12 Dec 2021 18:26:02 +0000 |
Your message dated Sun, 12 Dec 2021 19:25:44 +0100 with message-id <20211212192544.0b4015e2@tachikoma.lepiller.eu> and subject line Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. has caused the debbugs.gnu.org bug report #52421, regarding [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. to be marked as done. (If you believe you have received this mail in error, please contact help-debbugs@gnu.org.) -- 52421: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=52421 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems
--- Begin Message ---Subject: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. Date: Sat, 11 Dec 2021 03:11:59 +0100 Hi Guix! today I learnt about a CVE on log4j. Looking more closely, it seems that log4j2 has had 3 CVEs (at least 3 are listed on https://logging.apache.org/log4j/2.x/security.html) and we're vulnerable to all of them \o/ This series updates to the latest version. Thankfully, log4j keeps a stable API, so there's no breakage in dependents, but a few dependencies had to be added/updated.
--- End Message ---
--- Begin Message ---Subject: Re: bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0. Date: Sun, 12 Dec 2021 19:25:44 +0100 Thanks for the review. I added remarks from IRC and pushed the update as 5259513d5e5a918bb44b87ab7a562621cc78c945 to d5cfca23e30a9166d49faf0b48cca3ee27699f7a.
--- End Message ---
[Prev in Thread] | Current Thread | [Next in Thread] |