Backblaze / b2-sdk-java

The official Java SDK for using Backblaze's B2 Storage APIs

when will log4j vulnerability be fixed? #161

Closed ddsky closed 2 years ago

ddsky commented 2 years ago

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250

johnlcox commented 2 years ago

The SDK doesn't have a dependency on log4j, and the CVE you linked is a junit vulnerability, so I assume you actually meant junit.

CVE-2020-15250 was fixed in commit 92f9d7e30c8cc1d640a5d3fd2e84e9e32c573e08, but since junit is only a test dependency we weren't planning to release it by itself. We were going to wait and release it along with upcoming feature changes in the next few months.

ddsky commented 2 years ago

Hey John, you're right, I meant junit, sorry. Got the point about release, thanks.