Nice! I did not remember that 6.0.2 still used Log4j 1.

On Sat, Dec 11, 2021 at 4:20 PM Michael Bien <mbie...@gmail.com> wrote:

> Hello Everyone,
>
> Just a heads up in case you are building and running Apache Roller from
> master, please rebuild your instance with the latest changes.
>
> It contains an important dependency update
> (https://github.com/apache/roller/pull/106) for log4j 2 which suffered
> from an RCE security vulnerability, which was fixed in the latest version.
>
> Apache Roller 6.0.2 (latest release) should not be affected by this
> particular vulnerability since it still uses the old log4j 1 library.
>
> best regards,
>
> michael
>
>
