apache-log4j2 2.17.0-1 source package in Debian
Changelog
apache-log4j2 (2.17.0-1) unstable; urgency=high
* Team upload.
* New upstream version 2.17.0.
- Fix CVE-2021-45105:
Apache Log4j2 did not protect from uncontrolled recursion from
self-referential lookups. When the logging configuration uses a
non-default Pattern Layout with a Context Lookup (for example,
$${ctx:loginId}), attackers with control over Thread Context Map (MDC)
input data can craft malicious input data that contains a recursive
lookup, resulting in a denial of service. (Closes: #1001891)
Thanks to Salvatore Bonaccorso for the report.
-- Markus Koschany <email address hidden> Sat, 18 Dec 2021 17:09:22 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache-log4j2_2.17.0-1.dsc | 2.9 KiB | 44e3a04ac63579338c8e9b5c59850898e76a307bcf8271303447afa62c197f81 |
| apache-log4j2_2.17.0.orig.tar.xz | 1.2 MiB | 7c9a8976f9672bf7cc31ded21b2dddc5f6a3cee4621e53dfe5aab65ef82eae24 |
| apache-log4j2_2.17.0-1.debian.tar.xz | 7.3 KiB | 54b041799a600845d65c97ecf35e41c4129b5dbfee68f9cd96b1b1d60b49e615 |
Available diffs
- diff from 2.16.0-1 to 2.17.0-1 (36.2 KiB)
No changes file available.
