From 5c70a72ed792065a39cd0a9c576d5d6b41487af2 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Sat, 18 Dec 2021 10:30:49 -0500 Subject: [PATCH] - Update log4j to 2.17.0 for CVE-2021-45105 Denial of Service attack --- .gitignore | 1 + log4j.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7002b69..98bad1f 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /apache-log4j-2.14.1-src.tar.gz /apache-log4j-2.15.0-src.tar.gz /apache-log4j-2.16.0-src.tar.gz +/apache-log4j-2.17.0-src.tar.gz diff --git a/log4j.spec b/log4j.spec index 9b6d64c..f4ba3fc 100644 --- a/log4j.spec +++ b/log4j.spec @@ -1,7 +1,7 @@ %bcond_without jp_minimal Name: log4j -Version: 2.16.0 +Version: 2.17.0 Release: 1%{?dist} Summary: Java logging package BuildArch: noarch @@ -284,6 +284,9 @@ rm -r log4j-1.2-api/src/main/java/org/apache/log4j/or/jms %changelog +* Sat Dec 18 2021 Paul Wouters - 2.17.0-1 +- Update log4j to 2.17.0 for CVE-2021-45105 Denial of Service attack + * Mon Dec 13 2021 Paul Wouters - 2.16.0-1 - Update log4j to 2.16.0 - Disables JNDI by default diff --git a/sources b/sources index 9f7eeee..59e1b34 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (apache-log4j-2.16.0-src.tar.gz) = c520a5af1ac4161f0b0c9cb466a0c6bf349cce567b8c1c1ee01fc0b0258852f0ef4f7a7967f367168f4395e7fdd981fd35b7cb6d5f236b6421699bd2b1ccf919 +SHA512 (apache-log4j-2.17.0-src.tar.gz) = 23433baa39a8cc76164ae96307e85b9e4ea671028015df6171bfaf025a1e1aaacf76a94a1beef67aada56952f013a8eae94024869a8530f42a3747ba70cc3a90