Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log4j vulnerability *NEW* #733

Closed
desjardd1 opened this issue Dec 17, 2021 · 5 comments
Closed

Log4j vulnerability *NEW* #733

desjardd1 opened this issue Dec 17, 2021 · 5 comments

Comments

@desjardd1
Copy link

Log4j was recently updated to use 2.15 in the log4j client.
This version is still impacted and its considered a critical vulnerability now.

Are simpleclient_log4j and simpleclient_log4j2 going to be updated to include version 2.16 here ASAP as security scanners from our the security team are flagging these and they need to know when they will be updated even if they are considered "Not in use".

Thanks!
Dan
@LeviHarrison LeviHarrison transferred this issue from prometheus/prometheus Dec 17, 2021
@LeviHarrison
Copy link
Member

LeviHarrison commented Dec 17, 2021
edited

Transferring to the appropriate repo, but I think this has already been addressed in ffb1416.

@fstab
Copy link
Member

fstab commented Dec 18, 2021

I just released 0.14.0 with a log4j update to 2.16.0.

@fstab fstab closed this as completed Dec 18, 2021
@LeviHarrison
Copy link
Member

Thanks for all your hard work these past two weeks!

@desjardd1
Copy link
Author

Yes thanks. Now its version 2.17 another update! :(

@fstab
Copy link
Member

fstab commented Dec 20, 2021

Here you go, a new release with 2.17: https://github.com/prometheus/client_java/releases/tag/parent-0.14.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fstab @LeviHarrison @desjardd1