On 11/12/2021 00:41, Naresh Annangar wrote:
Hi Team,
While checking for CVE-2021-44228, we noticed the presence of Log4j v1.2.17
packaged along with Tomcat.
Noticed where?
Tomcat version?
Download location?
Mark
Log4j lists 1.x as unsupported. Is there any
analysis or information available
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
--- Comment #25 from Allan ---
Hi Mark, I have carried out a number of connectivity tests. Result as follow.
Tomcat 8.5.72-4795df9 and 9.0.57-115334b with Oracle Java JDK 9,11,13
(specifically 9.0.4, 11.0.2, 13.0.2) on RHEL 7 and Windows
HTTP
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
--- Comment #26 from Michael Osipov ---
Reason is code has been compiled on Java 9+ which is not backward compatible.
--
You are receiving this mail because:
You are the assignee for the bug.
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
--- Comment #27 from Mark Thomas ---
(In reply to Allan from comment #25)
> Hi Mark, I have carried out a number of connectivity tests. Result as
> follow.
>
> Tomcat 8.5.72-4795df9 and 9.0.57-115334b with Oracle Java JDK 9,11,13
> (specifica
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
+---+
| Bugzilla Bug ID |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned
11 matches
Mail list logo
