This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/master by this push:
new 527bd01 Adds announcement about Log4j 2.12.2/2.16.0
527bd01 is described below
commit 527bd01e312aff6ab8872cc6c5cf9f6bc3b33a9d
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Fri Dec 17 18:51:56 2021 +0100
Adds announcement about Log4j 2.12.2/2.16.0
---
source/index.html | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/source/index.html b/source/index.html
index 7c4ab32..4b236a8 100644
--- a/source/index.html
+++ b/source/index.html
@@ -31,12 +31,12 @@ title: Welcome to the Apache Struts project
<a href="{{ site.wiki_url }}/Version+Notes+{{ site.current_version
}}">Version notes</a>
</div>
<div class="column col-md-4">
- <h2>Security Advice on Log4j 2.15.0</h2>
+ <h2>Security Advice on Log4j 2.12.2/2.16.0</h2>
<p>
The Apache Struts Security team would like to announce that all the
users using
- the latest Struts 2.5.x series should upgrade Log4j library to the
- latest 2.15.0 version which addresses the Remote-Code-Execution
- vulnerability - CVE-2021-44228. .
+ the latest Struts 2.5.x series should either upgrade to Apache
Struts 2.5.28.1 which
+ uses Log4j 2.12.2 version that addresses <a
href="https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046";>CVE-2021-45046</a>
+ or upgrade Log4j to version 2.12.2 (when running on Java 1.7) or
2.16.0 (when running on Java 8+).
Read more in <a href="announce-2021#a20211212-2">Announcement</a>
</p>
</div>
