starlingx
/
tools
Code Issues Proposed changes

log4j: fix CVE-2022-23307 

Unsafe deserialization in chainsaw.  Advance to
version 1.2.17-18.el7_4.

=== Testing ===
build-pkgs/build-iso and boot.

log4j is not in the runtime system, nor is it in
the mock build environment.
===

Closes-bug: 1969993
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Change-Id: I0e16887da7c22173c0c05c60a49bf026521d93a7
This commit is contained in:
Joe Slater 2022-04-22 16:28:49 -04:00
parent 455b58905c
commit 2723cbfe5a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
centos-mirror-tools/config/centos/flock/rpms_centos.lst
View File

@ -545,7 +545,7 @@ lksctp-tools-1.0.17-2.el7.x86_64.rpm
lldpad-1.0.1-3.git036e314.el7.x86_64.rpm
lm_sensors-devel-3.4.0-6.20160601gitf9185e5.el7.x86_64.rpm
lm_sensors-libs-3.4.0-6.20160601gitf9185e5.el7.x86_64.rpm
log4j-1.2.17-16.el7_4.noarch.rpm
log4j-1.2.17-18.el7_4.noarch.rpm
lsof-4.87-6.el7.x86_64.rpm
lsscsi-0.27-6.el7.x86_64.rpm
lttng-ust-2.10.0-1.el7.x86_64.rpm