(logging-site) 10/11: Add Conan to old Log4cxx CVEs

Fri, 10 Apr 2026 06:33:21 -0700 

This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch fix/new-cves
in repository https://gitbox.apache.org/repos/asf/logging-site.git

commit 509bae56416a5c211d8fb3465f29e2b0e2237d22
Author: Piotr P. Karwasz <[email protected]>
AuthorDate: Fri Apr 10 14:59:11 2026 +0200

    Add Conan to old Log4cxx CVEs
---
 src/site/static/cyclonedx/vdr.xml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/site/static/cyclonedx/vdr.xml 
b/src/site/static/cyclonedx/vdr.xml
index f2104fee..83c6b76f 100644
--- a/src/site/static/cyclonedx/vdr.xml
+++ b/src/site/static/cyclonedx/vdr.xml
@@ -618,7 +618,7 @@ This may prevent applications that consume these logs from 
correctly interpretin
         <![CDATA[Users are recommended to upgrade to version `1.5.0`, which 
fixes the issue.]]></recommendation>
       <created>2025-08-22T07:31:10Z</created>
       <published>2025-08-22T07:31:10Z</published>
-      <updated>2025-08-22T07:31:10Z</updated>
+      <updated>2026-04-10T11:53:17Z</updated>
       <credits>
         <organizations>
           <organization>
@@ -636,6 +636,14 @@ This may prevent applications that consume these logs from 
correctly interpretin
             </version>
           </versions>
         </target>
+        <target>
+          <ref>log4cxx-conan</ref>
+          <versions>
+            <version>
+              <range><![CDATA[vers:semver>=0.11.0|<1.5.0]]></range>
+            </version>
+          </versions>
+        </target>
       </affects>
     </vulnerability>
 
@@ -676,7 +684,7 @@ Because logger names are generally constant strings, we 
assess the impact to use
         <![CDATA[Users are recommended to upgrade to version `1.5.0`, which 
fixes the issue.]]></recommendation>
       <created>2025-08-22T07:31:10Z</created>
       <published>2025-08-22T07:31:10Z</published>
-      <updated>2025-08-22T07:31:10Z</updated>
+      <updated>2026-04-10T11:53:17Z</updated>
       <credits>
         <organizations>
           <organization>
@@ -694,6 +702,14 @@ Because logger names are generally constant strings, we 
assess the impact to use
             </version>
           </versions>
         </target>
+        <target>
+          <ref>log4cxx-conan</ref>
+          <versions>
+            <version>
+              <range><![CDATA[vers:semver<1.5.0]]></range>
+            </version>
+          </versions>
+        </target>
       </affects>
     </vulnerability>

Reply via email to