John Burnham created DOXIA-610: ---------------------------------- Summary: Update doxia-module-fo to use latest log4j Key: DOXIA-610 URL: https://issues.apache.org/jira/browse/DOXIA-610 Project: Maven Doxia Issue Type: Dependency upgrade Components: Module - FO Affects Versions: 1.9.1 Reporter: John Burnham
This is critical for a release. The version of log4j is 1.2.17 and contains the following security risk: [CVE_2020_9488|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9488] This should be updated to use org.apache.logging.log4j:log4j-core:2.13.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)