This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new caf8da3 Automatic Site Publish by Buildbot
caf8da3 is described below
commit caf8da3a7d15600dc8beae4e0d563e1a6e4b2fb6
Author: buildbot <[email protected]>
AuthorDate: Fri Dec 17 17:52:34 2021 +0000
Automatic Site Publish by Buildbot
---
output/index.html | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/output/index.html b/output/index.html
index de6f5b9..7717011 100644
--- a/output/index.html
+++ b/output/index.html
@@ -152,12 +152,12 @@
<a
href="https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.28.1";>Version
notes</a>
</div>
<div class="column col-md-4">
- <h2>Security Advice on Log4j 2.15.0</h2>
+ <h2>Security Advice on Log4j 2.12.2/2.16.0</h2>
<p>
The Apache Struts Security team would like to announce that all the
users using
- the latest Struts 2.5.x series should upgrade Log4j library to the
- latest 2.15.0 version which addresses the Remote-Code-Execution
- vulnerability - CVE-2021-44228. .
+ the latest Struts 2.5.x series should either upgrade to Apache
Struts 2.5.28.1 which
+ uses Log4j 2.12.2 version that addresses <a
href="https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046";>CVE-2021-45046</a>
+ or upgrade Log4j to version 2.12.2 (when running on Java 1.7) or
2.16.0 (when running on Java 8+).
Read more in <a href="announce-2021#a20211212-2">Announcement</a>
</p>
</div>
