[wildfly-dev] wildfly, log4j2 CVE fixes and fix releases

Hello Wildflyers, I see that wildfly 26.0.1 refers to log4j2 version 2.17.1 and this is good due to the recent kerfuffle with log4j2 CVEs. However, I don't see this being patched back to earlier wildfly versions. Is there any plan to? I am on wildfly 23 and am using JDK8. There is a plan to eventually move to JDK11 but it is some way off. Once we're there I expect it'll stay that way for several years. So I am hesitant in moving to a more recent version of wildfly - I am not sure what support there is for the older JDKs. -- Regards, Andrew Marlow http://www.andrewpetermarlow.co.uk