[ubuntu/impish-security] apache-log4j1.2 1.2.17-10ubuntu0.21.10.1 (Accepted)

Paulo Flabiano Smorigo pfsmorigo at canonical.com
Tue Jan 11 20:25:56 UTC 2022

apache-log4j1.2 (1.2.17-10ubuntu0.21.10.1) impish-security; urgency=medium

  * SECURITY UPDATE: code execution via JMS appender
    - debian/patches/0002-Disable-JNDI-by-default.patch: Add an additional
      option that disables the JMS appender by default.
    - CVE-2021-4104
  * Environments that require JMS Appender will need to add the following
    to their configuration file: log4j.appender.jms.Enabled=true

Date: 2022-01-11 19:03:10.087494+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the impish-changes mailing list