Bug 1469402 - (6.4.z) Upgrade log4j from 1.2.16 to 1.2.16.redhat-3
Status: ON_QA
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Build
Unspecified Unspecified
unspecified Severity unspecified
: CR1
: EAP 6.4.17
Assigned To: Vladimir Dosoudil
Jiri Truhlar
Depends On: 1467885
Blocks: CVE-2017-5645 eap6417-payload
Reported: 2017-07-11 04:30 EDT by Vladimir Dosoudil
Modified: 2017-08-10 07:56 EDT
Type: Component Upgrade

External Trackers
Tracker: JBoss Issue Tracker
ID: JBEAP-12686
Priority: Major
Status: New
Summary: (7.0.z) Upgrade log4j from 1.2.16 to 1.2.16-redhat-3
Last Updated: 2017-08-17 05:43 EDT

Description Vladimir Dosoudil 2017-07-11 04:30:59 EDT

Comment 2 Petr Penicka 2017-07-11 04:45:13 EDT
Adding to 6.4.17 payload since it is necessary to fix CVE-2017-5645, which is already on payload.
Comment 3 Petr Penicka 2017-07-11 04:47:35 EDT
Also granting all acks since Important CVEs go on payload automatically.
Comment 5 Tomas Hoger 2017-07-11 05:08:42 EDT
CVE-2017-5645 is already public, no need for security group here.
