https://bugzilla.redhat.com/show_bug.cgi?id=2050898
Bug ID: 2050898
Summary: maven-reporting-api-3.1.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: maven-reporting-api
Keywords: FutureFeature, Triaged
Assignee: loganjerry(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
loganjerry(a)gmail.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 3.1.0
Current version/release in rawhide: 3.0-23.fc36
URL: http://maven.apache.org/shared/maven-reporting-api/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/1931/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2050898
https://bugzilla.redhat.com/show_bug.cgi?id=1884967
Bug ID: 1884967
Summary: atinject-2.0.0-RC2 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: atinject
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.0.0-RC2
Current version/release in rawhide: 1-35.20100611svn86.fc33
URL: http://javax-inject.github.io/javax-inject/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/129/
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
Greg Scott <gscott(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gscott(a)redhat.com
--- Comment #123 from Greg Scott <gscott(a)redhat.com> ---
> We are running: rhvm-4.4.9.5-0.1.el8ev.noarch
>
> Our question is what is the impact of removing the log4j RPMs on a Hosted
> Engine?
>
> We have these log4j RPMs installed:
> # rpm -qa | grep log4j
> log4j12-1.2.17-22.module+el8+2598+06babf2e.noarch
> ovirt-engine-extension-logger-log4j-1.1.1-1.el8ev.noarch
> eap7-log4j2-jboss-logmanager-1.0.0-1.Final_redhat_00001.1.el8eap.noarch
> eap7-log4j-jboss-logmanager-1.2.0-1.Final_redhat_00001.1.el8eap.noarch
> eap7-log4j-2.14.0-1.redhat_00002.1.el8eap.noarch
>
> What is the impact of removing them? Specifically, can we remove the 2.14
> version without impact? Is this affected by the CVE?
RHVM 4.4.z should not install any log4j v2 at all. See the diagnostic steps
in https://access.redhat.com/solutions/6611691 for the log4j components
installed with RHVM 4.4.
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
--- Comment #122 from Mike Murphy <micmurph(a)redhat.com> ---
(In reply to Stoyan Nikolov from comment #67)
> Red Hat Virtualization ships rhvm-appliance which includes a vulnerable
> version of log4j released by Red Hat EAP. Once EAP releases a fixed version
> of the package Red Hat Virtualization users can consume the fix with a
> regular update via the package manager inside the rhvm-appliance.
We are running: rhvm-4.4.9.5-0.1.el8ev.noarch
Our question is what is the impact of removing the log4j RPMs on a Hosted
Engine?
We have these log4j RPMs installed:
# rpm -qa | grep log4j
log4j12-1.2.17-22.module+el8+2598+06babf2e.noarch
ovirt-engine-extension-logger-log4j-1.1.1-1.el8ev.noarch
eap7-log4j2-jboss-logmanager-1.0.0-1.Final_redhat_00001.1.el8eap.noarch
eap7-log4j-jboss-logmanager-1.2.0-1.Final_redhat_00001.1.el8eap.noarch
eap7-log4j-2.14.0-1.redhat_00002.1.el8eap.noarch
What is the impact of removing them? Specifically, can we remove the 2.14
version without impact? Is this affected by the CVE?