I am using Neo4J 4.3.9 Community. It has been updated to use log4j 2.16.0.
I would like to know if there is a date set for a release which upgrades log4j to 2.17.x?
I have seen the update on this page (Apache Log4j Security Vulnerability(CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)y3dtd0_gaMTE0ODcwMjQyOC4xNjM2OTgzOTQ1_ga_DL38Q8KGQC*MTY0MTQ2NjA4NC4xMi4xLjE2NDE0Njk4MzguMA..&_ga=2.154404349.438795758.1641466089-1148702428.1636983945) Which says the following:
"We are working towards upgrading to the latest version of Log4j (2.17.0) and targeting to release within the priority-based remediation timeframes that are outlined in Neo4j vulnerability management policy."
...but I was wondering if there is a specific date set yet.
I am aware of the mitigations described etc.
Thanks a lot.