Re: log4j cve




On 2021-12-14 08:31, Steve Meier wrote:
Hello Steve,

On 2021-12-14 14:14, Steve Clark wrote:
 This is the standard version that comes with CentOS 7 and is the
latest available as of a yum update just now.
log4j-1.2.17-16.el7_4.noarch

yes, that's correct, but it is abandoned nonetheless.

According to the RPM's change log, Red Hat backported a fix for CVE-2017-5645.
They have not done this for CVE-2019-17571 it seems.
I would be very surprised if they'd do so now.

Well, given that they indicated on their page for this CVE that they were still investigating the potential for the vulnerability existing in 1.2, it may happen.

It would be nice if there was a log4j-2 RPM available for C7, but as of this point, I've not been able to locate one.

--
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


