Closed DemiMarie closed 2 years ago
I noticed that the
pom.xml
uses insecure HTTP
I just updated the links to our artifactory in the pom.xml
to https, thank you for the hint (0c5ddf370ced5c0a426d47d5cd3b92def917cbea)
It also should ensure that it does not depend on a Log4J version vulnerable to Log4Shell.
We checked for this the day the exploit was published and luckily couldn't find any usage of Log4j, neither for LAREX directly nor for our docker setup.
Thanks for the quick response @maxnth!
I noticed that the
pom.xml
uses insecure HTTP, which is a bad idea. It also should ensure that it does not depend on a Log4J version vulnerable to Log4Shell.