Josef Kopriva closed JBIDE-27040.
---------------------------------
Closing, PR is merged.
Update log4j to 2.13.0 (due to CVE-2019-17571)
-----------------------------------------------
Key: JBIDE-27040
URL: https://issues.redhat.com/browse/JBIDE-27040
Project: Tools (JBoss Tools)
Issue Type: Bug
Components: build, openshift
Affects Versions: 4.14.0.Final
Reporter: Josef Kopriva
Assignee: Josef Kopriva
Priority: Major
Fix For: 4.14.0.Final
From repo:
{code}
CVE-2019-17571
moderate severity
Vulnerable versions: >= 1.2, <= 1.2.27
Patched version: No fix
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of
untrusted data which can be exploited to remotely execute arbitrary code when combined
with a deserialization gadget when listening to untrusted network traffic for log data.
This affects Log4j versions up to 1.2 up to 1.2.17.
{code}
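As an added example (not code from the JBoss Tools repository), the check below scans a Maven pom for the log4j:log4j coordinates inside the range quoted in the advisory above; the pom is constructed sample input, and the 2.x line is left alone because it ships under different coordinates.

```python
# Added example (not JBoss Tools code): flag log4j:log4j artifacts in the
# CVE-2019-17571 range quoted above. The pom below is constructed sample input.
import re
import xml.etree.ElementTree as ET

VULN_LOW, VULN_HIGH = (1, 2), (1, 2, 27)  # advisory range: >= 1.2, <= 1.2.27

SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><log4j1.version>1.2.17</log4j1.version></properties>
  <dependencies>
    <dependency><groupId>log4j</groupId><artifactId>log4j</artifactId>
      <version>${log4j1.version}</version></dependency>
    <dependency><groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId><version>2.13.0</version></dependency>
  </dependencies>
</project>"""

def local(tag):
    """Strip the Maven XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def parse_version(version):
    """Leading numeric components only: '1.2.17-redhat-1' -> (1, 2, 17)."""
    nums = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple(nums)

def is_vulnerable(group, artifact, version):
    """True for log4j:log4j inside the range; 2.x lives under other coordinates."""
    if (group, artifact) != ("log4j", "log4j"):
        return False
    return VULN_LOW <= parse_version(version) <= VULN_HIGH

def scan_pom(xml_text):
    """Return 'group:artifact:version' for every dependency in the range."""
    root = ET.fromstring(xml_text)
    props = {local(p.tag): (p.text or "").strip()
             for el in root.iter() if local(el.tag) == "properties" for p in el}
    flagged = []
    for dep in (e for e in root.iter() if local(e.tag) == "dependency"):
        fields = {local(c.tag): (c.text or "").strip() for c in dep}
        # Resolve simple ${property} references declared in <properties>.
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)),
                         fields.get("version", ""))
        if is_vulnerable(fields.get("groupId", ""), fields.get("artifactId", ""), version):
            flagged.append(f"{fields['groupId']}:{fields['artifactId']}:{version}")
    return flagged
```

Versions pulled in transitively are not visible in the pom itself; run the same check over `mvn dependency:list` output to cover those.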