Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump: log4j to 2.15.0 #1839

Merged
merged 2 commits into from
Dec 10, 2021
Merged

Bump: log4j to 2.15.0 #1839

merged 2 commits into from
Dec 10, 2021

Conversation

kimtruth
Copy link
Contributor

📜 Description

Bump log4j-api,log4j-core from 2.13.3 to 2.15.0

💡 Motivation and Context

CVE-2021-44228
Log4j versions prior to 2.15.0 are subject to a remote code execution vulnerability via the ldap JNDI parser.

💚 How did you test it?

📝 Checklist

  • I reviewed the submitted code
  • I added tests to verify the changes
  • I updated the docs if needed
  • No breaking changes

🔮 Next steps

@codecov-commenter
Copy link

codecov-commenter commented Dec 10, 2021
edited
Loading

Codecov Report

Merging #1839 (a8a3c77) into main (b182c6e) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##               main    #1839   +/-   ##
=========================================
  Coverage     75.69%   75.69%           
  Complexity     2194     2194           
=========================================
  Files           218      218           
  Lines          7810     7810           
  Branches        828      828           
=========================================
  Hits           5912     5912           
  Misses         1496     1496           
  Partials        402      402

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b182c6e...a8a3c77. Read the comment docs.

maciejwalkowiak
maciejwalkowiak approved these changes Dec 10, 2021
View reviewed changes
Copy link
Contributor

@maciejwalkowiak maciejwalkowiak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@kimtruth kimtruth changed the title Bump log4j-api, log4j-core from 2.13.3 to 2.15.0 Bump: log4j to 2.15.0 Dec 10, 2021
@bruno-garcia bruno-garcia merged commit 3559f27 into getsentry:main Dec 10, 2021
@bruno-garcia
Copy link
Member

Thanks!

@zagorulkinde
Copy link

Hello, is it version had been updated on central? 5.0.5 does not have this CVE? Thanks in advance.

@marandaneto
Copy link
Contributor

Hello, is it version had been updated on central? 5.0.5 does not have this CVE? Thanks in advance.

https://github.com/getsentry/sentry-java/releases/tag/5.5.0

@btrigueiro btrigueiro mentioned this pull request Dec 16, 2021
Closed
8 tasks
maciejwalkowiak pushed a commit that referenced this pull request Jan 5, 2022
@kimtruth @maciejwalkowiak
Bump: log4j to 2.15.0 (#1839)
e726347
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maciejwalkowiak maciejwalkowiak maciejwalkowiak approved these changes

@bruno-garcia bruno-garcia bruno-garcia approved these changes

@marandaneto marandaneto Awaiting requested review from marandaneto

@romtsn romtsn Awaiting requested review from romtsn romtsn is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@kimtruth @codecov-commenter @bruno-garcia @zagorulkinde @marandaneto @maciejwalkowiak