John Burnham created DOXIA-610:
----------------------------------

             Summary: Update doxia-module-fo to use latest log4j
                 Key: DOXIA-610
                 URL: https://issues.apache.org/jira/browse/DOXIA-610
             Project: Maven Doxia
          Issue Type: Dependency upgrade
          Components: Module - FO
    Affects Versions: 1.9.1
            Reporter: John Burnham


This is critical for a release.  The version of log4j is 1.2.17 and contains 
the following security risk:

[CVE_2020_9488|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488]

This should be updated to use org.apache.logging.log4j:log4j-core:2.13.2



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to