Skip to content

Update dependency log4j version to avoid security vulnerability #1175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
gliu6 opened this issue Dec 14, 2021 · 0 comments
Closed

Update dependency log4j version to avoid security vulnerability #1175

gliu6 opened this issue Dec 14, 2021 · 0 comments
Assignees
@ipolevoy
Labels
Module: Other

Comments

@gliu6
Copy link

gliu6 commented Dec 14, 2021

According to https://logging.apache.org/log4j/2.x/security.html
Log4j all versions from 2.0-beta9 to 2.14.1 has critical vulnerabilities.
The log4j-core and log4j-api and log4j-slf4j-impl used in ativejdbc should be updated.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ipolevoy ipolevoy

Labels
Module: Other
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ipolevoy @gliu6