Skip to content

Upgrade log4j2 to 2.25.5 to remediate CVE-2026-49844#448

Merged
laffer1 merged 2 commits into
masterfrom
copilot/fix-log4j-vulnerability
Jul 12, 2026
Merged

Upgrade log4j2 to 2.25.5 to remediate CVE-2026-49844#448
laffer1 merged 2 commits into
masterfrom
copilot/fix-log4j-vulnerability

Conversation

Copilot AI commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

CVE-2026-49844 (Medium, CVSS 5.8) affects log4j-api < 2.25.5. Bumps the shared log4j2.version property, which covers log4j-api, log4j-core, and log4j-slf4j2-impl.

Change

<!-- pom.xml -->
- <log4j2.version>2.25.4</log4j2.version>
+ <log4j2.version>2.25.5</log4j2.version>

@laffer1

laffer1 commented Jul 12, 2026

Copy link
Copy Markdown
Collaborator

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@deepsource-io

deepsource-io Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

DeepSource Code Review

We reviewed changes in ff141b6...94c0778 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
PHP Jul 12, 2026 7:08p.m. Review ↗
Java Jul 12, 2026 7:08p.m. Review ↗
Shell Jul 12, 2026 7:08p.m. Review ↗
JavaScript Jul 12, 2026 7:08p.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

Copilot AI changed the title [WIP] Fix vulnerability in log4j-api-2.25.4.jar Upgrade log4j2 to 2.25.5 to remediate CVE-2026-49844 Jul 12, 2026
Copilot AI requested a review from laffer1 July 12, 2026 19:08
@laffer1 laffer1 marked this pull request as ready for review July 12, 2026 19:19
@laffer1 laffer1 merged commit f56ad63 into master Jul 12, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

log4j-api-2.25.4.jar: 1 vulnerabilities (highest severity is: 5.8)

2 participants