Open ss207210 opened 2 years ago
Thank you for the issue. The understanding is that Photon is not affected by the Log4Shell vulnerability, because of the version that is used. However, that version is quite old; therefore, we are in the process of migrating to the latest Log4J version (2.16). See https://github.com/Netflix/photon/pull/299
In case somebody ends up here looking for clarification - 1.2.17 is vulnerable in certain configurations. This will need to be mitigated in some way.
Photon is using the log4j-1.2.17 version. Is Netflix going to provide any patch for it?