OWASP giving security error on Chronicle-Logger #101
Comments
I tried the latest Chronicle Wire but the problem still appears.
@eix128 I don't understand what the problem is - can you advise what the security vulnerabilities are please?
You can check out the problem yourself for the latest version.
@eix128 this is a false positive - jeremylong/DependencyCheck#5024
@JerryShea
I don't think you will see this in the latest chronicle-logger (2.24ea2) - when I check dependencies on that I see that log4j2 is at 2.17.1
Hi, I tried OWASP security on your library but I got an error as shown below:
MAVEN DEPENDENCY
org.owasp
dependency-check-maven
6.5.3
true
true
ERROR:
```
One or more dependencies were identified with known vulnerabilities in LabiysWebService:
CVE-2021-41093
kotlin-stdlib-1.4.10.jar (pkg:maven/org.jetbrains.kotlin/kotlin-stdlib@1.4.10, cpe:2.3:a:jetbrains:kotlin:1.4.10:*:*:*:*:*:*:*) : CVE-2020-29582
kotlin-stdlib-common-1.4.0.jar (pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-common@1.4.0, cpe:2.3:a:jetbrains:kotlin:1.4.0:*:*:*:*:*:*:*) : CVE-2020-15824, CVE-2020-29582
log4j-slf4j-impl-2.17.0.jar (pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.0, cpe:2.3:a:apache:log4j:2.17.0:*:*:*:*:*:*:*) : CVE-2021-44832
See the dependency-check report for more details.
```
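A triage aid for the report quoted in this issue, added here as an example and not part of the original thread or of dependency-check itself: it parses the summary lines and queues the findings whose CPE product name is broader than the Maven artifactId, which are the ones to check by hand against the advisory before accepting or suppressing them. The `coarse_cpe` heuristic, the function names and the `demo-lib` line are assumptions constructed for illustration.

```python
import re

# One finding line of the console summary, in the shape quoted in the issue:
#   <jar> (pkg:maven/<group>/<artifact>@<version>, cpe:2.3:a:<vendor>:<product>:<version>:...) : <CVEs>
FINDING = re.compile(
    r"^(?P<jar>\S+\.jar) \(pkg:maven/(?P<group>[^/]+)/(?P<artifact>[^@]+)@(?P<version>[^,]+), "
    r"cpe:2\.3:a:(?P<vendor>[^:]+):(?P<product>[^:]+):(?P<cpe_version>[^:]+):[^)]*\) : "
    r"(?P<cves>CVE-\d{4}-\d+(?:, CVE-\d{4}-\d+)*)$"
)

def parse_findings(text):
    """Return one dict per well-formed finding line; anything else is skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # header, footer, or a truncated line such as a bare CVE id
        f = m.groupdict()
        f["cves"] = f["cves"].split(", ")
        # Assumed heuristic: the CVE was attached through a CPE whose product
        # name is not the artifact itself, so the match is by product family.
        f["coarse_cpe"] = f["product"] != f["artifact"]
        findings.append(f)
    return findings

def review_queue(findings):
    """(artifact, CVE) pairs that need a manual check against the advisory."""
    return sorted((f["artifact"], cve)
                  for f in findings if f["coarse_cpe"] for cve in f["cves"])

# Lines copied from the issue, plus one constructed line (demo-lib, placeholder CVE id).
SAMPLE = """\
One or more dependencies were identified with known vulnerabilities in LabiysWebService:
CVE-2021-41093`
kotlin-stdlib-1.4.10.jar (pkg:maven/org.jetbrains.kotlin/kotlin-stdlib@1.4.10, cpe:2.3:a:jetbrains:kotlin:1.4.10:*:*:*:*:*:*:*) : CVE-2020-29582
kotlin-stdlib-common-1.4.0.jar (pkg:maven/org.jetbrains.kotlin/kotlin-stdlib-common@1.4.0, cpe:2.3:a:jetbrains:kotlin:1.4.0:*:*:*:*:*:*:*) : CVE-2020-15824, CVE-2020-29582
log4j-slf4j-impl-2.17.0.jar (pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.0, cpe:2.3:a:apache:log4j:2.17.0:*:*:*:*:*:*:*) : CVE-2021-44832
demo-lib-1.0.0.jar (pkg:maven/com.example/demo-lib@1.0.0, cpe:2.3:a:example:demo-lib:1.0.0:*:*:*:*:*:*:*) : CVE-0000-0000
See the dependency-check report for more details.
"""

if __name__ == "__main__":
    for artifact, cve in review_queue(parse_findings(SAMPLE)):
        print(f"verify by hand: {cve} on {artifact}")
```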