Critical Log4j RCE bug (CVE-2021-44228)

Question

Critical Log4j RCE bug (CVE-2021-44228)

gionn opened this issue 3 years ago · 2 comments

This image needs to be updated to archiva 2.2.6

ref https://issues.apache.org/jira/projects/MRM/issues/MRM-2023

Answer 1 · 2021-12-16T07:13:17.000Z

@gionn - ~~thanks for the reminder! I'll check into it tomorrow.~~

Actually, this was both trivial to update and test, so I've done it now. The current v2 now includes the update and you can be sure by using tag v2.2.6 - see 151a305

Answer 2 · 2021-12-16T07:36:54.000Z

Fix available https://github.com/apache/archiva/releases/tag/archiva-2.2.6