apache-log4j2 2.15.0-1 source package in Debian
Changelog
apache-log4j2 (2.15.0-1) unstable; urgency=high
* Team upload.
* New upstream version 2.15.0.
- Fix CVE-2021-44228:
Chen Zhaojun of Alibaba Cloud Security Team discovered that JNDI features
used in configuration, log messages, and parameters do not protect
against attacker controlled LDAP and other JNDI related endpoints. An
attacker who can control log messages or log message parameters can
execute arbitrary code loaded from LDAP servers when message lookup
substitution is enabled. From version 2.15.0, this behavior has been
disabled by default. (Closes: #1001478)
* Update debian/watch to track the latest releases.
* Declare compliance with Debian Policy 4.6.0.
-- Markus Koschany <email address hidden> Sat, 11 Dec 2021 15:01:57 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache-log4j2_2.15.0-1.dsc | 2.9 KiB | 221286f075e51ff2d6154ae6b420c65e5d4e828885bb7a3384f6537b27ed2456 |
| apache-log4j2_2.15.0.orig.tar.xz | 1.2 MiB | bfe55d5b3b6e636cc45c7f8ab35a531e14d9b07c33c6b1afe098571b0a71a02a |
| apache-log4j2_2.15.0-1.debian.tar.xz | 7.0 KiB | 23837f95be4b7f7870b7308322de52c4bb676b8f74c6ac22a4b441caf0904386 |
Available diffs
- diff from 2.13.3-1 to 2.15.0-1 (562.8 KiB)
No changes file available.
