This repository has been archived by the owner on Feb 2, 2023. It is now read-only.
[Product Update]: Apache - Struts2 #419
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Product vendor
Apache
Product name
Struts 2
Context
The Apache Struts group is pleased to announce that Struts 2.5.28.3 is
available as a "General Availability"
+release. The GA designation is our highest quality grade.
+
+This release addresses Log4j vulnerability
CVE-2021-44832
+by using the latest Log4j ver. 2.12.4 (Java 1.7 compatible).
+
+Please note, that the Apache Struts itself depends on the
log4j-apipackage only, it's users' responsibility
+to use a proper version of the log4j-core package!
https://www.mail-archive.com/[email protected]/msg18376.html
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.3
Product version(s)
everything before 2.5.28.3
Product status
Fixed
Product update
Available
Product update link
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.3
Last updated
2021-12-30
Notes
Internal Changes
(warning) Log4j has been upgrade to version 2.12.4 to address security vulnerability CVE-2021-44832, more details can be found on the Log4j page.
Please note, that the Apache Struts itself depends on the log4j-api package only, it's users' responsibility to use a proper version of the log4j-core package!
References
No response
The text was updated successfully, but these errors were encountered: