Hello Steve,
Am 2021-12-14 14:14, schrieb Steve Clark:
This is the standard version that comes with CentOS 7 and is the
latest available as of a yum update just now.
log4j-1.2.17-16.el7_4.noarch
yes, that's correct, but it is abandoned nonetheless.
According to the RPM's change log, Red Hat backported a fix for
CVE-2017-5645.
They have not done this for CVE-2019-17571 it seems.
I would be very surprised if they'd do so now.
Kind regards,
Steve
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
