Publishing details
Changelog
apache-log4j1.2 (1.2.17-10+deb11u1) bullseye; urgency=medium
* Team upload.
* Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
Multiple security vulnerabilities have been discovered in
Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
JMSAppender or Apache Chainsaw. Note that a possible attacker requires
write access to the Log4j configuration and the aforementioned features are
not enabled by default. In order to completely mitigate against these
vulnerabilities the related classes have been removed from the resulting
jar file.
-- Markus Koschany <email address hidden> Sat, 12 Feb 2022 10:54:14 +0100
Builds
Package files