pierrebruninmaif
commented
2 years ago Hi Yannick, thank's for your contribution.
ps : Izanami use mainly Logback. Log4j is used for UTs and by a lib.
Closed ybasket closed 2 years ago
pierrebruninmaif
commented
2 years ago Hi Yannick, thank's for your contribution.
ps : Izanami use mainly Logback. Log4j is used for UTs and by a lib.
See https://www.lunasec.io/docs/blog/log4j-zero-day/#example-vulnerable-code
log4j versions below 2.15.0 are (under circumstances) vulnerable to remote code execution attacks, so this PR updates these to be sure Izanami can't be hacked that way (I'm not entirely sure where log4j and slf4j are used in the codebase, might be a candidate for being removed completely as well).