- Update log4j to 2.17.1 for CVE-2021-44832 RCE via JDBC Appender (when attacker controls config)

This commit is contained in:
Paul Wouters 2021-12-28 15:56:45 -05:00
parent 5c70a72ed7
commit 4d2af057d4
3 changed files with 8 additions and 4 deletions

1
.gitignore vendored
View File

@ -23,3 +23,4 @@
/apache-log4j-2.15.0-src.tar.gz
/apache-log4j-2.16.0-src.tar.gz
/apache-log4j-2.17.0-src.tar.gz
/apache-log4j-2.17.1-src.tar.gz

View File

@ -1,14 +1,14 @@
%bcond_without jp_minimal
Name: log4j
Version: 2.17.0
Version: 2.17.1
Release: 1%{?dist}
Summary: Java logging package
BuildArch: noarch
License: ASL 2.0
URL: http://logging.apache.org/%{name}
Source0: http://www.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz
URL: https://logging.apache.org/%{name}
Source0: https://www.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz
Patch2: logging-log4j-Remove-unsupported-EventDataConverter.patch
@ -284,6 +284,9 @@ rm -r log4j-1.2-api/src/main/java/org/apache/log4j/or/jms
%changelog
* Tue Dec 28 2021 Paul Wouters <paul.wouters@aiven.io> - 2.17.1-1
- Update log4j to 2.17.1 for CVE-2021-44832 RCE via JDBC Appender (when attacker controls config)
* Sat Dec 18 2021 Paul Wouters <paul.wouters@aiven.io> - 2.17.0-1
- Update log4j to 2.17.0 for CVE-2021-45105 Denial of Service attack

View File

@ -1 +1 @@
SHA512 (apache-log4j-2.17.0-src.tar.gz) = 23433baa39a8cc76164ae96307e85b9e4ea671028015df6171bfaf025a1e1aaacf76a94a1beef67aada56952f013a8eae94024869a8530f42a3747ba70cc3a90
SHA512 (apache-log4j-2.17.1-src.tar.gz) = 21cdfca54eb0d6af261a5ae89ff98197473d9c0203b0ab530f3aef6c90957bfb95a423983c8a19d7fbab05ec194b6fad8e46628e32270dd8b94ddd194a1cb177