[SECURITY] Upgrade log4j to 2.17.1 as a vulnerability workaround

Question

[SECURITY] Upgrade log4j to 2.17.1 as a vulnerability workaround

Closed this issue 3 years ago · 3 comments

This ticket is related to #416 and #433 and is to capture PRs made as a result of changes advised by the Apache Foundation in https://logging.apache.org/log4j/2.x/security.html#log4j-2.17.1 as part of workaround to the recently discovered vulnerabilities in log4j v2.x.x. This ticket enhances the #267

To address:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832

Answer 1 · 2022-01-02T05:55:11.000Z

Applied retroactive fix for tag: https://github.com/azagniotov/stubby4j/releases/tag/v7.3.3 and rebuilt stubby4j Docker image tags:

azagniotov/stubby4j:7.3.3-jre8
azagniotov/stubby4j:7.3.3-jre11
azagniotov/stubby4j:7.3.3-jre15

Answer 2 · 2022-01-02T08:44:46.000Z

Applied retroactive fix for tag: https://github.com/azagniotov/stubby4j/releases/tag/v7.4.0 and rebuilt stubby4j Docker image tags:

azagniotov/stubby4j:7.4.0-jre8
azagniotov/stubby4j:7.4.0-jre11
azagniotov/stubby4j:7.4.0-jre16

Answer 3 · 2022-01-02T09:28:49.000Z

Applied retroactive fix for tag: https://github.com/azagniotov/stubby4j/releases/tag/v7.5.0 and rebuilt stubby4j Docker image tags:

v7.5.0

azagniotov/stubby4j:7.5.0-jre8
azagniotov/stubby4j:7.5.0-jre11
azagniotov/stubby4j:7.5.0-jre16