Secure Log4j version in sample-spring-boot

SAP / cf-java-logging-support

The Java Logging Support for Cloud Foundry supports the creation of structured log messages and the collection of request metrics

Apache License 2.0

77 stars 48 forks source link

Secure Log4j version in sample-spring-boot #129

Closed KarstenSchnitter closed 2 years ago

KarstenSchnitter commented 2 years ago

The currently latest spring-boot-starter-log4j2 uses log4j v 2.14.1, which is vulnerable to several critical CVEs. This is addressed by exclusion and explicit version targeting log4j 2.17.0

Signed-off-by: Karsten Schnitter k.schnitter@sap.com