Closed azerioglan closed 2 years ago
Hello @azerioglan
there is no direct dependency from log4j. I see log4j@1.2.12 as deep dependency.
AFAIK CVE-2021-44228 is applied to version range 2.0 <= Apache log4j < 2.15.0
.
Anyway there is the best workaround — run TeamCity with arg -Dlog4j2.formatMsgNoLookups=true
@alexkvak thank you for quick response
Hello @alexkvak I hope you are doing great today. just wanted to double check with you : We're using Teamcity version 2020 with the teamcity-slack plugin version 1.1.8. I just wanted to check if this plugin version is vulnerable to the log4j CVEs?