Update dependency to resolve issue relating to log4j CVE #28
Comments
@ReidWeb thank you for mentioning. I will take care of it as soon as I find some available time.
Thanks, hopefully should find the time later to get something in to this effect
[#28] Resolve dependency CVE for Log4J
@ReidWeb created a new version with your PR. Thank you for the contributions. New version is:
Because of the log4j incident, the MVN central is working atrociously slow. It might take a while to sync, so it's best if you try tomorrow.
Understandable, think a few repos were having that issue yesterday. It's been found overnight that the fix is incomplete in
Having some difficulties importing this into our project, don't see any tags or releases in your repo, do you know which commit in the repo corresponds to the
From reviewing the git commitlog, looks like #23 added a good number of changes. #23 never appears to have been released independently, So has only just been released with We're facing an issue utilising the module
The constructor of Would it be at all possible to correct this? From my experience I'd recommend either:
Apologies if any of the above isn't correct, I'm by no means an expert in Kotlin or the JVM.
I think there's a problem with the gradle version I've used to build up everything. Gradle is a nightmare when it comes to breaking changes. I need to take a deeper look to understand what is happening. I had/have limited time because the log4j incident was also problematic at work... I will come back with some answers. Yes, there was a skip in versions. I think the problem is not with the constructor but with the way the jar is built. I will come back with an answer hopefully soon. Meanwhile there's an agnostic fix to the log4j problem with running an agent. Use that. Sorry for the inconvenience.
Tried to submit another fix to maven central: maven2): Failed to transfer file: https://oss.sonatype.org/service/local/staging/deploy/maven2/net/andreinc/mapneat/0.9.9/mapneat-0.9.9.pom.asc. Return code is: 405, ReasonPhrase: Not Allowed.
Things are getting more complicated... I will retry again later or tomorrow.
Thanks for the update, we managed to bypass by enforcing a platform level dependency. I'll dig out the line tomorrow
@ReidWeb can you please try again with:
If you are still experiencing problems (the constructor change should be backwards compatible), can you please:
All issues and concerns resolved with the implementation of 0.9.9. Thanks Andrei
Happy to help.
I think this broke again in
But it's working on
@wafisher I will take another look this week to see why it's broken. Had some terrible times with maven central and gradle lately, so I need to get a closer look anyways. Thank you for stopping by.
A critical CVE has been discovered in Log4J that requires immediate resolution.
Further detail can be found here and here.
A dependency update is required of log4j dependencies to resolve.