Open sharon-tickell opened 11 months ago
The log4j dependencies in this application were/are at version 2.17.0, which still has the critical log4shell vulnerability that was patched almost 2 years ago. See https://logging.apache.org/log4j/2.x/index.html#important-security-vulnerability-cve-2021-44832
This PR updates both to v2.21.1, which is the current stable and supported version of log4j.
It would supersede https://github.com/Reading-eScience-Centre/ncwms/pull/87
See also the related edal-java PR at https://github.com/Reading-eScience-Centre/edal-java/pull/160