apache-log4j2 2.17.0-1 source package in Debian
Changelog
apache-log4j2 (2.17.0-1) unstable; urgency=high * Team upload. * New upstream version 2.17.0. - Fix CVE-2021-45105: Apache Log4j2 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service. (Closes: #1001891) Thanks to Salvatore Bonaccorso for the report. -- Markus Koschany <email address hidden> Sat, 18 Dec 2021 17:09:22 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Builds
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
apache-log4j2_2.17.0-1.dsc | 2.9 KiB | 44e3a04ac63579338c8e9b5c59850898e76a307bcf8271303447afa62c197f81 |
apache-log4j2_2.17.0.orig.tar.xz | 1.2 MiB | 7c9a8976f9672bf7cc31ded21b2dddc5f6a3cee4621e53dfe5aab65ef82eae24 |
apache-log4j2_2.17.0-1.debian.tar.xz | 7.3 KiB | 54b041799a600845d65c97ecf35e41c4129b5dbfee68f9cd96b1b1d60b49e615 |
Available diffs
- diff from 2.16.0-1 to 2.17.0-1 (36.2 KiB)
No changes file available.