Publishing details

• Published on 2022-03-26

Changelog

apache-log4j1.2 (1.2.17-10+deb11u1) bullseye; urgency=medium

  * Team upload.
  * Fix CVE-2021-4104, CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307.
    Multiple security vulnerabilities have been discovered in
    Apache Log4j 1.2 when it is configured to use JMSSink, JDBCAppender and
    JMSAppender or Apache Chainsaw. Note that a possible attacker requires
    write access to the Log4j configuration and the aforementioned features are
    not enabled by default. In order to completely mitigate against these
    vulnerabilities the related classes have been removed from the resulting
    jar file.

 -- Markus Koschany <email address hidden>  Sat, 12 Feb 2022 10:54:14 +0100

Builds

Package files

• apache-log4j1.2_1.2.17-10+deb11u1.debian.tar.xz (26.5 KiB)
• apache-log4j1.2_1.2.17-10+deb11u1.dsc (2.4 KiB)
• apache-log4j1.2_1.2.17.orig.tar.gz (539.1 KiB)