This fixes . This particular vulnerability does not seem as applicable to Openfire as the recent ones, in Log4j. Still, including a newer version of Log4j would be good: if only because lots of eyes are on log4j right now, and lots of people are on edge, waiting for any available update.
Environment
None
Activity
Show:
Daryl Herzmann January 3, 2022 at 9:32 PM
Release 4.6.7 has this now as well.
Daryl Herzmann January 3, 2022 at 3:40 PM
Updated issue to reflect that 2.17.1 has now been merged into master == 4.7.0
Matthew Wolfe December 29, 2021 at 1:06 PM
Yesterday Log4j 2.17.1 became available, which addresses CVE-2021-44832.
This fixes . This particular vulnerability does not seem as applicable to Openfire as the recent ones, in Log4j. Still, including a newer version of Log4j would be good: if only because lots of eyes are on log4j right now, and lots of people are on edge, waiting for any available update.