stable

jansi-2.1.1-4.fc34 and log4j-2.16.0-1.fc34

FEDORA-2021-66d6c484f3 created by adamwill a year ago for Fedora 34

This update provides log4j 2.16.0, to address the critical vulnerability CVE-2021-44228 ("Log4Shell"). Note with 2.16.0, JNDI is entirely disabled by default; to use it, you must set log4j2.enableJndi (please carefully consider potential security issues before doing so).

The updated jansi adds (back) a feature, AnsiRenderer, which the newer log4j requires; this is the only change to jansi.

For other changes in log4j 2.16.0, see the upstream changelog. Most changes are compatible enhancements or bug fixes, but there may be some behaviour changes.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-66d6c484f3

This update has been submitted for testing by adamwill.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago
User Icon huzaifas commented & provided feedback a year ago
karma

works for me

BZ#2030945 CVE-2021-44228 log4j: log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [fedora-all]
karma
BZ#2030945 CVE-2021-44228 log4j: log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [fedora-all]

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#2030945 CVE-2021-44228 log4j: log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [fedora-all]
0
2

Automated Test Results

ignored