[bug#52421] [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#52421] [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.

From:	Julien Lepiller
Subject:	[bug#52421] [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0.
Date:	Sat, 11 Dec 2021 03:11:59 +0100

Hi Guix!

today I learnt about a CVE on log4j. Looking more closely, it seems
that log4j2 has had 3 CVEs (at least 3 are listed on
https://logging.apache.org/log4j/2.x/security.html) and we're
vulnerable to all of them \o/

This series updates to the latest version. Thankfully, log4j keeps a
stable API, so there's no breakage in dependents, but a few
dependencies had to be added/updated.

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#52421] [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0., Julien Lepiller <=
- [bug#52421] [PATCH 1/5] gnu: java-jansi: Update to 2.4.0., Julien Lepiller, 2021/12/10
- [bug#52421] [PATCH 2/5] gnu: Add java-jctools-core-1., Julien Lepiller, 2021/12/10
  - [bug#52421] [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0., Ludovic Courtès, 2021/12/11
    - bug#52421: [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0., Julien Lepiller, 2021/12/12
- [bug#52421] [PATCH 3/5] gnu: Add java-conversant-disruptor., Julien Lepiller, 2021/12/10
- [bug#52421] [PATCH 5/5] gnu: java-log4j-api: Update to 2.15.0., Julien Lepiller, 2021/12/10
- [bug#52421] [PATCH 4/5] gnu. java-lmax-disruptor: Update to 3.4.4., Julien Lepiller, 2021/12/10
- [bug#52421] [PATCH][SECURITY] gnu: java-log4j-api: Update to 2.15.0., Ludovic Courtès, 2021/12/11

Prev by Date: [bug#52419] [PATCH] doc: Add group configuration example
Next by Date: [bug#52421] [PATCH 1/5] gnu: java-jansi: Update to 2.4.0.
Previous by thread: [bug#52419] [PATCH] doc: Add group configuration example
Next by thread: [bug#52421] [PATCH 1/5] gnu: java-jansi: Update to 2.4.0.
Index(es):
- Date
- Thread