Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.16 vulnerable, expect 2.17 #361

Closed
OlivierMasit opened this issue Dec 18, 2021 · 3 comments
Closed

2.16 vulnerable, expect 2.17 #361

OlivierMasit opened this issue Dec 18, 2021 · 3 comments

Comments

@OlivierMasit
Copy link

Hi it seems that news vulns have been found on 2.16
Not clear yet from what I read...

https://issues.apache.org/jira/plugins/servlet/mobile#issue/LOG4J2-3230
@OlivierMasit
Copy link
Author

Confirmed https://nvd.nist.gov/vuln/detail/CVE-2021-45105

@breadchris
Copy link
Contributor

@OlivierMasit thanks for the heads up! We have also seen this and will probably include this as an update to an existing post, but since the severity is so low, I don’t know if we will make a dedicated blog post for it.

@breadchris breadchris mentioned this issue Dec 19, 2021
Merged
@freeqaz
Copy link
Member

freeqaz commented Dec 19, 2021

I'm closing this out now that we've updated the guidance (it's mid-deploy now). We should probably write up a post dedicated to 2.17.0 and the DOS issue, but I might not have time for that until tomorrow. Too many IRL tasks piling up!

@freeqaz freeqaz closed this as completed Dec 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@breadchris @freeqaz @OlivierMasit