Apache has issued an advisory today (April 25): https://www.openwall.com/lists/oss-security/2020/04/25/1 The issue is fixed upstream in 2.13.2. Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
log4j has been updated to 2.13.3 in Cauldron, fixing this, but log4j12 is still vulnerable.
Source RPM: log4j-2.11.1-2.mga8.src.rpm, log4j12-1.2.17-20.mga8.src.rpm => log4j-2.11.1-1.mga7.src.rpm, log4j12-1.2.17-19.mga7.src.rpm
Status comment: (none) => Fixed upstream in 2.13.2, log4j12 also needs to be patched
not in cauldron anymore
CC: (none) => mageiaVersion: Cauldron => 7Whiteboard: MGA7TOO => (none)
log4j12-1.2.17-21.mga8.noarch.rpm log4j12-javadoc-1.2.17-21.mga8.noarch.rpm are still there unfortunately.
Version: 7 => CauldronWhiteboard: (none) => MGA7TOO
not anymore ;-) wait for your mirror to be synced.
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLDStatus: NEW => RESOLVED