[SECURITY] Fix Log4Shell CVE-2021-44228
Critical Security Fix
This MR addresses CVE-2021-44228 (Log4Shell), a critical JNDI injection vulnerability in Apache Log4j 2.x.
Vulnerability Details
- CVSS Score: 10.0 (Critical)
- Attack Vector: Network
- Impact: Remote Code Execution
- Affected Version: log4j 2.14.1
Changes
- Upgraded
log4j2.versionfrom 2.14.1 to 2.17.1 - Removes JNDI lookup functionality
- Patches all known attack vectors
Testing
-
✅ Unit tests pass -
✅ SAST scan clean -
✅ Dependency scan shows no critical vulnerabilities
Closes #2 (closed)
cc: @bill_staples @michael_usanchenko
Edited by Administrator