This repository was archived by the owner on Dec 23, 2023. It is now read-only.

Commit 0899c0b

amujumdar and punya authored
Add text for upgrading to latest log4j (#2089)
* Add text for upgrading to latest log4j
* Update the package-specific README too

Co-authored-by: Punya Biswal <[email protected]>
1 parent 1584507 commit 0899c0b

2 files changed: +23 -0 lines changed

README.md

Lines changed: 12 additions & 0 deletions
@@ -6,6 +6,18 @@
66
[![Windows Build Status][appveyor-image]][appveyor-url]
77
[![Coverage Status][codecov-image]][codecov-url]
88

9+
> :exclamation: The [opencensus-contrib-log-correlation-log4j2](https://github.com/census-instrumentation/opencensus-java/tree/master/contrib/log_correlation/stackdriver)
10+
> Java client library is part of the OpenCensus project.
11+
> [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)
12+
> and [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046) disclosed
13+
> security vulnerabilities in the Apache Log4j 2 version 2.15 or below. The recent version
14+
> v0.28.3 depends on Log4j 2.11.1. A number of previous versions also depend on vulnerable
15+
> Log4j versions.
16+
>
17+
> :exclamation: We merged several fixes and published a release that depends on a safe version of
18+
> Log4j (2.16). **We strongly encourage customers who depend on the
19+
> opencensus-contrib-log-correlation-log4j2 library to upgrade to the latest
20+
> release [(v0.30.0)](https://repo1.maven.org/maven2/io/opencensus/opencensus-contrib-log-correlation-log4j2/0.30.0/).**
921
1022
OpenCensus is a toolkit for collecting application performance and behavior data. It currently
1123
includes 3 apis: stats, tracing and tags.
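Review bot: The link on added line 9 is labelled `opencensus-contrib-log-correlation-log4j2`, but its URL ends in `contrib/log_correlation/stackdriver`, so a reader following the security notice lands in a different module's directory. Point it at `contrib/log_correlation/log4j2`, the directory whose README this same commit updates. Separately, the first paragraph says "version 2.15 or below" while the second names 2.16 as the safe version; stating the affected range and the fixed version in one sentence would make it easier for a reader to check the Log4j version their build actually resolves.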

contrib/log_correlation/log4j2/README.md

Lines changed: 11 additions & 0 deletions
@@ -1,5 +1,16 @@
11
# OpenCensus Log4j 2 Log Correlation
22

3+
> :exclamation: [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)
4+
> and [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046) disclosed
5+
> security vulnerabilities in the Apache Log4j 2 version 2.15 or below. The recent version
6+
> v0.28.3 depends on Log4j 2.11.1. A number of previous versions also depend on vulnerable
7+
> Log4j versions.
8+
>
9+
> :exclamation: We merged several fixes and published a release that depends on a safe version of
10+
> Log4j (2.16). **We strongly encourage customers who depend on the
11+
> opencensus-contrib-log-correlation-log4j2 library to upgrade to the latest
12+
> release [(v0.30.0)](https://repo1.maven.org/maven2/io/opencensus/opencensus-contrib-log-correlation-log4j2/0.30.0/).**
13+
314
The `opencensus-contrib-log-correlation-log4j2` artifact provides a
415
[Log4j 2](https://logging.apache.org/log4j/2.x/)
516
[`ContextDataInjector`](https://logging.apache.org/log4j/2.x/manual/extending.html#Custom_ContextDataInjector)
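Review bot: In the second paragraph (added lines 9 to 12), "the latest release (v0.30.0)" ties the word "latest" to a fixed number and "a safe version of Log4j (2.16)" reads as an exact pin, so both statements go stale with the next release. Suggest "v0.30.0 or later" and naming the Log4j version as a minimum. This block is also a verbatim copy of the notice added to the top-level README, so any later correction has to be made in two places; consider keeping the full text in one file and linking to it from the other.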
