[ubuntu/hirsute-updates] apache-log4j1.2 1.2.17-10ubuntu0.21.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jan 11 21:28:17 UTC 2022
apache-log4j1.2 (1.2.17-10ubuntu0.21.04.1) hirsute-security; urgency=medium
* SECURITY UPDATE: code execution via JMS appender
- debian/patches/0002-Disable-JNDI-by-default.patch: Add an additional
option that disables the JMS appender by default.
- CVE-2021-4104
* Environments that require JMS Appender will need to add the following
to their configuration file: log4j.appender.jms.Enabled=true
Date: 2022-01-11 19:03:16.197139+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-10ubuntu0.21.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Hirsute-changes
mailing list