apache-log4j2 2.17.1-1 source package in Debian
Changelog
apache-log4j2 (2.17.1-1) unstable; urgency=high
* Team upload.
* New upstream version 2.17.1.
- Fix CVE-2021-44832:
Apache Log4j2 is vulnerable to a remote code execution
(RCE) attack where an attacker with permission to modify the logging
configuration file can construct a malicious configuration using a JDBC
Appender with a data source referencing a JNDI URI which can execute
remote code. This issue is fixed by limiting JNDI data source names to
the java protocol.
Thanks to Salvatore Bonaccorso for the report. (Closes: #1002813)
-- Markus Koschany <email address hidden> Wed, 29 Dec 2021 11:44:21 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache-log4j2_2.17.1-1.dsc | 2.9 KiB | b9a277fc77c1f885dfd1245f5ffb39dd134cc7ddc3683f9ed74f8b1ab5c5c1e9 |
| apache-log4j2_2.17.1.orig.tar.xz | 1.2 MiB | c7139fdcad10a8470da5c3f8d818c3eefe63c88e21518c27e558048ed3b90b15 |
| apache-log4j2_2.17.1-1.debian.tar.xz | 7.5 KiB | 118439225ec8cf5a5c63b0b59ef7311026be74a9c012d698e907cf5b3f4188fe |
Available diffs
- diff from 2.17.0-1 to 2.17.1-1 (27.0 KiB)
No changes file available.
