Closed ghost closed 4 years ago
The toolkit includes log4j-1.2.17.jar, which has vulnerabilities CVE-2019-17571, CVE-2020-9488.
Resolved with toolkit version 3.2.1.
Resolution: log4j.jar is not delivered with the toolkit anymore as it is also part of the runtime platform.
The toolkit includes log4j-1.2.17.jar, which has vulnerabilities CVE-2019-17571, CVE-2020-9488.