Open cosmocracy opened 4 years ago
This project has a dependency on Log4J. The version used (1.2.x) has a security advisory related to the socket server listener/appender. This is not used but it's worth upping the rev of Log4J just to avoid confusion/concern.
See: https://logging.apache.org/log4j/2.x/manual/migration.html
(In GitHub I dismissed the warning/alert and marked that we are not using the vulnerable portions of the code.)