[CVE-2021-44228]: Update Log4J to resolve security issues

Mojang / DataFixerUpper

A set of utilities designed for incremental building, merging and optimization of data transformations.

MIT License

1.2k stars 138 forks source link

Closed Gamebuster19901 closed 2 years ago

Gamebuster19901 commented 2 years ago

Without this, downstream projects that depend on DataFixerUpper may become vulnerable if they don't explicitly specify which log4j version to use.

boq commented 2 years ago

We will probably switch to SLF4J (at least for libraries), so this PR might not be needed

Gamebuster19901 commented 2 years ago

Okay, feel free to close if you merge #60

Gamebuster19901 commented 2 years ago

Superseded by #60