IBMStreams / streamsx.messagehub

Repository to provide easy integration with IBM MessageHub Bluemix Service
https://ibmstreams.github.io/streamsx.messagehub/
Apache License 2.0
1 stars 6 forks source link

toolkit includes a vulnerable log4j.jar #114

Closed ghost closed 4 years ago

ghost commented 4 years ago

The toolkit includes log4j-1.2.17.jar, which has vulnerabilities CVE-2019-17571, CVE-2020-9488.

ghost commented 4 years ago

Resolved with toolkit version 3.2.1.

Resolution: log4j.jar is not delivered with the toolkit anymore as it is also part of the runtime platform.