search

IBMStreams / streamsx.kafka

Repository for integration with Apache Kafka
https://ibmstreams.github.io/streamsx.kafka/
Apache License 2.0
13 stars 9 forks source link

Toolkit includes a vulnerable version of log4j. #216

Closed ghost closed 4 years ago

ghost commented 4 years ago

The toolkit includes log4j-1.2.17.jar, which has vulnerabilities CVE-2019-17571, CVE-2020-9488.

ghost commented 4 years ago

Resolved with toolkit version 3.1.1.

Resolution: log4j.jar is not delivered with the toolkit anymore as it is also part of the runtime platform.