[CentOS] log4j cve

Tue Dec 14 13:31:47 UTC 2021
Steve Meier <email at steve-meier.de>

Hello Steve,

Am 2021-12-14 14:14, schrieb Steve Clark:
>  This is the standard version that comes with CentOS 7 and is the
> latest available as of a yum update just now.
> log4j-1.2.17-16.el7_4.noarch

yes, that's correct, but it is abandoned nonetheless.

According to the RPM's change log, Red Hat backported a fix for 
They have not done this for CVE-2019-17571 it seems.
I would be very surprised if they'd do so now.

Kind regards,