- Update log4j to 2.17.1 for CVE-2021-44832 RCE via JDBC Appender (when attacker controls config)
This commit is contained in:
parent
5c70a72ed7
commit
4d2af057d4
1
.gitignore
vendored
1
.gitignore
vendored
@ -23,3 +23,4 @@
|
||||
/apache-log4j-2.15.0-src.tar.gz
|
||||
/apache-log4j-2.16.0-src.tar.gz
|
||||
/apache-log4j-2.17.0-src.tar.gz
|
||||
/apache-log4j-2.17.1-src.tar.gz
|
||||
|
||||
@ -1,14 +1,14 @@
|
||||
%bcond_without jp_minimal
|
||||
|
||||
Name: log4j
|
||||
Version: 2.17.0
|
||||
Version: 2.17.1
|
||||
Release: 1%{?dist}
|
||||
Summary: Java logging package
|
||||
BuildArch: noarch
|
||||
License: ASL 2.0
|
||||
|
||||
URL: http://logging.apache.org/%{name}
|
||||
Source0: http://www.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz
|
||||
URL: https://logging.apache.org/%{name}
|
||||
Source0: https://www.apache.org/dist/logging/%{name}/%{version}/apache-%{name}-%{version}-src.tar.gz
|
||||
|
||||
Patch2: logging-log4j-Remove-unsupported-EventDataConverter.patch
|
||||
|
||||
@ -284,6 +284,9 @@ rm -r log4j-1.2-api/src/main/java/org/apache/log4j/or/jms
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Dec 28 2021 Paul Wouters <paul.wouters@aiven.io> - 2.17.1-1
|
||||
- Update log4j to 2.17.1 for CVE-2021-44832 RCE via JDBC Appender (when attacker controls config)
|
||||
|
||||
* Sat Dec 18 2021 Paul Wouters <paul.wouters@aiven.io> - 2.17.0-1
|
||||
- Update log4j to 2.17.0 for CVE-2021-45105 Denial of Service attack
|
||||
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (apache-log4j-2.17.0-src.tar.gz) = 23433baa39a8cc76164ae96307e85b9e4ea671028015df6171bfaf025a1e1aaacf76a94a1beef67aada56952f013a8eae94024869a8530f42a3747ba70cc3a90
|
||||
SHA512 (apache-log4j-2.17.1-src.tar.gz) = 21cdfca54eb0d6af261a5ae89ff98197473d9c0203b0ab530f3aef6c90957bfb95a423983c8a19d7fbab05ec194b6fad8e46628e32270dd8b94ddd194a1cb177
|
||||
|
||||
Loading…
Reference in New Issue
Block a user