upgrade to log4j2 2.17.1 and pax-logging 1.11.13/2.0.14

Description

While there continue to be new CVEs related to log4j, I believe they don't affect us unless an attacker has filesystem access to the configuration files.

That said, it's worth keeping up just to eliminate any possible issues that upstream has solved in these patches.

Acceptance / Success Criteria

None

Linked issues

is cloned by

NMS-14224

Upgrade to pax-logging 2.0.15

Lucidchart Diagrams

Activity

Show:

Benjamin Reed January 6, 2022 at 9:44 PM

Fixed in foundation-2019 and up

Benjamin Reed January 4, 2022 at 4:15 PM

PRs: https://github.com/OpenNMS/opennms/pull/4055 and https://github.com/OpenNMS/opennms/pull/4056

Fixed

Details
Assignee
Benjamin Reed
Reporter
Benjamin Reed
Story Points
1
Sprint
None
Fix versions
Meridian-2019.1.29
Meridian-2020.1.18
Meridian-2021.1.10
29.0.5
Priority
Major

PagerDuty

Created January 4, 2022 at 4:08 PM

Updated June 27, 2023 at 9:45 PM

Resolved January 6, 2022 at 9:44 PM

Configure

upgrade to log4j2 2.17.1 and pax-logging 1.11.13/2.0.14

Description

Acceptance / Success Criteria

Linked issues

is cloned by

Lucidchart Diagrams

Activity

Benjamin Reed January 6, 2022 at 9:44 PM

Benjamin Reed January 4, 2022 at 4:15 PM

DetailsAssigneeBenjamin ReedBenjamin ReedReporterBenjamin ReedBenjamin ReedStory Points1SprintNone+2Fix versionsMeridian-2019.1.29Meridian-2020.1.18Meridian-2021.1.1029.0.5PriorityMajor

Details

Assignee

Reporter

Story Points

Sprint

Fix versions

Priority

PagerDutyPagerDuty Incident

PagerDuty

Details
Assignee
Benjamin Reed
Reporter
Benjamin Reed
Story Points
1
Sprint
None
Fix versions
Meridian-2019.1.29
Meridian-2020.1.18
Meridian-2021.1.10
29.0.5
Priority
Major

PagerDuty